There’s a new security flaw making its way around the Internet.
It’s called Heartbleed, and some of your most frequented web sites are affected. Before you do anything else, changing your password for sites affected by the security hole should be a priority.
You can check out a list of affected websites here, and see some pretty major names on it (Facebook, Instagram, and Google, among others).
Many sites have already patched the bug, and sites like The Verge say the security flaw could be a little overblown, but the fact remains that accounts were potentially compromised, and no one really knows the extent of the damage.
Almost every site affected is suggesting that users change their passwords just to be safe. So what can you do to stay on top of your online security? Here are a few tips to get started on the road to password recovery.
Get a Password Manager Now
You can keep track of all of your passwords with a password manager. With a password manager, all you need to remember is your master password. Apps like 1Password and LastPass are designed for storing all your passwords in a secure, encrypted area. In the wake of the Heartbleed flaw, 1Password is currently 50% off, so now is as good a time as any to take the first step in securing your digital life.
Make Every Password Unique
While you can store all of your passwords in a password manager, it won’t do you any good if they’re all the same. Using a different password for every site is highly recommended to prevent a single password from unraveling your entire online identity.
If hackers get a hold of that information, it leaves the door wide open for other forms of online theft. Be sure to make every password unique, with no identifiable patterns between them.
Use Randomly Generated Passwords
You can always take it a step further and randomly generate your passwords. Randomly generated passwords can be customized in length and character type.
A password with a mix of letters and numbers is more secure than one that’s simply a word in the dictionary, and less prone to failing during a brute force attack from thieves. Most password managers will generate passwords for you based on whatever parameters you enter.
Use Two-Factor Authentication
Two-factor authentication is a relatively new form of account security that uses both a password and a unique identifying code to add an extra layer of protection between your information and hackers.
Whenever you login to a site that supports it, you’ll be asked for an identifying code generated by your phone or sent to your email address to ensure that you’re the one logging in. It’s one more step in the process that will do wonders to prevent malicious attacks against your online identity.
A list of sites that support two-factor authentication has been compiled by Evan Hahn if you want a more comprehensive list.
Google has a site dedicated to two-factor authentication, and released a video about why it’s important. You can check it out below.