Pro Tips: How To Handle Heartbleed

Posted in Insights

[]

Call us bleeding hearts, but Heartbleed makes us concerned for your online security. We told you earlier what you should know about Heartbleed, and since it’s been a vulnerability in 2/3 of all websites for 2 years, it’s probably a good time to reset your passwords.

Resetting the many keys to your digital world is a project right up there next to taxes and root canals. So we asked FINE’s team of professional project managers to publish their “pro tips” on how to make this otherwise painful task, you know, manageable.
It all boils down to 7 magic steps:

Step 1: Grab a bottle of wine or your favorite beverage and find a comfortable workspace. This could take awhile. (Here are some FINE recommendations)

Carin’s Pro Tip: **If you’re like me, your life’s a blur of analog and digital and so is your method for saving information like logins. So before you fire up your machine and get started, have your file folders and clump of Post-It notes handy.

*Step 2: *Consider installing a system like LastPass or Dashlane to manage your 'digital wallet'. Starting with this step makes the whole process a lot easier.

Lori’s Pro Tip: I switched to *[Dashlane](https://www.dashlane.com/ "") a few months ago after reading about their security practices and really trust their service.*

*Step 3: *Especially if you skip step 2, but even if you don't, inventory your online environments. You can gather this from looking at your bookmarks and browsing history. If you're on a mac, look in your Keychain (type “Keychain” in Spotlight search).

Devon’s Pro Tip: I use a 3-column spreadsheet with Website name, Security level and last status of whether I’ve changed the password yet.

*Step 4: *Categorize the sites on your list into levels of security based on the type of information the site retains. First update sites you use where you’re managing financial information, such as bank and credit card accounts. Then, move onto commerce accounts that contain saved credit card information. Finally, address those with less sensitive information.

Stephanie’s Pro Tip: *Be sure to review your email and browsing history to find any and all sites where you may have created accounts or transacted in the last year or so. Prioritize based on the impact it would have if the personal information saved were to be compromised. *For example, email or banking or sites with your password saved (like Amazon) would be the highest risk, while something like Pinterest would be lower security.

*Step 5: *Brainstorm either a password per level of security or a method to have a unique password per site, but that follows a logical system. For instance, if you assign the first 2 letters to the name of the site, WellsFargo might start with WF.

When choosing passwords, remember:

a) Longer passwords are safer than short. Typically 6 characters is required.

b) Put in 1 number, 1 uppercase and 1 character (like an exclamation point).

c) Random sequences of words or acronyms can help memorability, but make sure you have a number or letter in there too.

Consider a standard password that has different levels of security like:

ilovemyfinewebsite

iLoveMyFINEwebsite

iL0v3myFineW3bs1t3!

Sam’s Pro Tip: Don't try to remember passwords, use a password manager that syncs with all of your devices so you can have more secure combos. Password managers will typically auto generate those.

*Step 6: *Make sure the site you're changing the password on is no longer vulnerable by typing the website address into this 'checker' tool. Then change the PW and mark it “done” on your spreadsheet. Write down your master password and put it in a safety deposit box or household safe for your family or spouse just in case they need to access your accounts. Make sure to remember to tell that family member where to find that master list

If the site is still vulnerable, it’s best to check back again and update your password as soon as you get a confirmation the site is unaffected or secure. Contact them to find out what their plan is to get that done.

Mashable has put together a list of big sites that are still unpatched, you can check that out here.

Caroline’s Pro Tip:** If you want to keep a record of your password in digital form for easy access, don’t write the full password. Instead, write down a clue that hints to what the password is.

*Step 7: *The price of freedom is eternal vigilance. In other words, with a little bit of work, you can head off most risks to your digital life before they develop into big problems.

 

More Insights