Heartbleed and the Importance of Two-Factor Authentication #1aDay

With the recent announcement of the Heartbleed vulnerability, it’s more important than ever to consider your security precautions. In particular, you should be…

  • Using a password manager like LastPass or KeePass
  • Using Two-Factor Authentication wherever you can
  • Using strong passwords wherever you can’t use Two-Factor Authentication

So now a few details…

What is Heartbleed and why do I care?

For those who are not server administrators, Heartbleed made it possible for attackers to steal information from a server’s memory. Of importance to you, that information may have included usernames and passwords. Should an attacker have your username and password, I’m sure you can figure out that they could do not-nice things with that information.

What can I do?

Use a password manager like LastPass or KeePass

Tools like LastPass and KeePass are great because they give you a secure and central place to store your usernames and passwords. Plus a service like LastPass includes additional tools and can provide valuable services like they did with Heartbleed to let you know where you should be updating your passwords. Concerned about using a service like LastPass? Here’s a good article on why you may not need to worry.

Use Two-Factor Authentication wherever you can

As the article above pointed out, you should be using two-factor authentication wherever you can. Two-factor authentication requires an extra step beyond entering your password, usually by sending a message to your mobile phone or using an app on your smartphone. Basically, with two-factor authentication, logins require something you know (your password) and something you have (your phone). In short, two-factor auth limits the damage from a password stolen through Heartbleed: even if an attacker has your password, they still don’t have your phone and thus would not be able to log in as you.

You can find a good site with lots of places that allow two-factor authentication here. My suggestion: support companies like these that take security seriously.

Use strong passwords wherever you can’t use Two-Factor Authentication

If a site does not allow two-factor authentication, I would highly recommend that you use a strong password. Here’s another place where a service like LastPass or KeePass comes in handy, because it can generate strong passwords for you.

Change your Passwords

Keep an eye on this list for when and where to update your passwords. Even if a site sends you an email saying they weren’t affected, it wouldn’t hurt to change your password and add it to your password manager. Chances are you weren’t using a secure one to begin with.
