How to protect yourself online
Our guide to securing accounts compromised by Heartbleed.
If this week’s Heartbleed scare has left you daunted at the task of cleaning up your sloppy online security, you’re not alone. The security management company LastPass estimates the average Internet user has 25 passwords — and many people break all the security rules and use the same password for more than one website. Should you panic about Heartbleed? If your password is Fluff1thec@ t and you’ve used it on every site you’ve ever signed into, maybe you should skip tonight’s date and triage. For the rest, the best advice I’ve heard comes from Mark Nunnikhoven, a vicepresident with Trend Micro: “It’s no use stressing out over it.” With advice from Nunnikhoven and other experts, here is a consumer’s guide to staunching the Heartbleed.
1. Don’t forget your phone or tablet
Heartbleed isn’t just about websites on your PC. Close to half of all Canadians have smartphones. Nunnikhoven warns your tablet or smartphone could be connecting to something that’s vulnerable online. Good news for Apple users, that company has said none of its services were affected by Heartbleed. Nunnikhoven said Android phones that are less than two years old probably won’t have an issue, but phones two years or older could have. And for all phones and mobile devices, if you are signing in through a website and not an app, the same advice applies as for web services so take precautions.
2. Check online accounts before you change passwords
If you use the same password on all your accounts, start changing them anyway because any one will give a hacker access to all your accounts. Otherwise, check to see if a website has been fixed. If it hasn’t been, you could change your password and a hacker could come along later and unbeknownst to you, collect the new password.
3 But I have 147 accounts!
If you have dozens of accounts, this can be scary. Start with the most important — the email account you use to get password resets and other info that could give a hacker the keys to taking over your ID. Canadian banks and credit unions weren’t affected but make sure you have a unique password for online banking and take advantage of the extra security tools that may be offered by your bank or credit union.
4. How do I check to see if a website has been affected?
There are several ways. The best websites notified you by email or on their website. There are online tools to check if a website is vulnerable and/ or if it has been fixed. LastPass has a good one that tells you if a site was vulnerable and if it is now safe to change your password ( at https:// lastpass. com/ heartbleed). Mashable is updating a list of major sites as news comes in. Google was and is fixed, LinkedIn wasn’t, Facebook fixed it before Heartbleed was made public. Full list at http:// mashable. com/ 2014/ 04/ 09/ heartbleed- bug- websites- affected/
5. Does a company have to warn me if it has been affected?
In B. C., no. In Canada, amendments to privacy laws have been proposed. In B. C., a legislative committee is reviewing the province’s privacy legislation.
6. I can’t remember a different password for every account.
You don’t have to. That’s what password management tools are for. Plus they’ll generate those 12- character massively complex passwords that you could never remember but are way more secure than your pet’s name. Most are free and with paid versions for extra features like service for all your mobile devices. Don’t Google for password management software. Better to go straight to a website you know or check CNET Reviews ( http:// www. cnet. com/ reviews) to make sure you’re not landing on a bogus website that will install malicious software on your computer.
7. Time for spring cleaning
Go through every account you have, whether it’s a store you no longer shop at or an obscure social media network you never use any more and take the steps necessary to close down your account.
8. Keep watch
Don’t wait for your credit card bill or bank statement to arrive. Keep a check on your accounts online for suspicious activity. The same for your email and social media accounts.
9. Is your hard drive whirring when you’re not using it?
Your computer might have been infected by malicious software. A lot of us tend to be a little lax about updating operating systems, keeping antivirus up- to- date and paying attention to our computer’s performance. Now would be a good time to fix that.
10. Protect your credit
Tim Ashby, vice- president of personal solutions at Equifax Canada, recommends consumers take advantage of free credit reporting. You can also pay for additional services, such as credit monitoring or to set up a fraud alert on your account. With a fraud alert, if anyone tries to get a credit card, mortgage, loan or otherwise use your identity to get money, you and the potential lender will be alerted.
Final advice: Relax
While you don’t want to ignore Heartbleed and hope for the best, no one knows yet if hackers infiltrated websites that had the flawed security software. Take precautionary steps but don’t let it keep you awake at night. Don’t panic and click on a link in an email purporting to be from your bank or another account and asking you to change your password because of Heartbleed. The security scare has crooks rushing to take advantage of the panic.