LastPass Heartbleed Security Check

This is a quick but important update to that article. The Heartbleed problem is much more serious than originally thought. Even governments are issuing warnings, so we need to protect ourselves immediately.

Follow the step-by-step instructions given below.


What is Heartbleed and Why should I bother?

The simplest explanation is this. Heartbleed is a technical problem which has made all our web passwords potentially open to the prying eyes of hackers. This article tells you how to protect yourself against this risk.

If you are not a technical person, skip the purple text.

Has your site plugged the Heartbleed problem?

This is a question you should be asking before visiting any site which requires you to transfer secure (apparently!) information.

Many websites have come up that let you type the web address of any site and check whether that site is now safe. Although this method works, it is cumbersome.

LastPass Security Check

Now, LastPass has added this site scan to its Security Scan feature. This saves you lots of manual work.

Why LastPass? Why not use any other tool?

I use LastPass and most users don’t use anything – because they don’t understand the importance of this activity. This is an urgent situation. Therefore, you must use what you know well and have trust in. No time for trial and error and evaluation.

By all means you can use any tool which you like and trust.

I will do all this manually, myself

Fine. Then these are the steps for you.

Do this for every site where you use a login id and password.

  • Go to this page and type the site address
  • Check if the site has plugged the Heartbleed problem
  • If yes, change your password immediately
  • If not, follow the instructions mentioned there

Using LastPass: Step by step instructions

    Go to the site www.lastpass.com from your PC or Mac

    Download the free version (whichever is the latest version)

    Run it and install it. The first time you run it, it will ask you to create a master password.

    Use a long complex password. Remember that password.
    An easy way to create a complex password is to use the name of a song or movie and tweak it. For example, your password could be the spy wh0 l0ved mE
    Notice that I replaced the letter o with the number zero. This is only an example, of course.
    DO NOT use this particular password.

    Login to LastPass and choose Security Check.



    Let the check be performed and then check the results. It is a long page with a score and lots of information. Scroll down till you reach this section.

    A new section has been added for Heartbleed status of your sites.

    Heartbleed status

    Now click on the Go Update link for each site and generate a new password immediately.

    Scroll down further. The same report shows the strength of all your stored passwords. Look at the weak ones – red and orange – visit the sites and change them automatically.

    Updating the passwords

    Go to the password change page of each site which needs a password change – either because of Heartbleed or because it was weak.

    You must enter the old password and generate the new one. LastPass will help you with both these steps.


    Now let LastPass generate the new password.


    Save the new password. Choose Yes, Use for this site option.


    Try logging off and logging in again to be sure. And then you are done.

    The password will be updated in the vault on all devices. However, you will have to log in separately on all devices again. You can also use the auto-login feature.

    Think of other sites

    LastPass can show you sites for which you have saved passwords in your browser. If you visit sites but never store the credentials, then LastPass will not know about such sites. You must remember to go to these sites manually, check for vulnerabilities and add the site to LastPass.

    Manage other devices

    If you have more PCs, you can download LastPass on each of them and log in using your master password.

    If you have mobile phones, you will have to manage the passwords manually. If you purchase the premium version (USD 12 per year), you get the LastPass app for all platforms, and the same convenience and security that is available on the PC will be available on mobile devices.

    Run security check regularly

    Even if you finish the work today, it is not enough. It is a good idea to run the security check every week. I know it sounds like a lot of work, but it is required.

    Technology has changed our lives for better. But the risks have also increased. It is just a part of the game. Play the game well!

    Spend a few hours

    This sounds easy. It is easy. But it is time consuming if you are doing this for the first time.

    This is a priority. Spend time on this. This is called risk management. Prevention is better than cure.

    Do it NOW.

    Fingers crossed
