Facebook, Gmail & More — Change Your Passwords for These Sites Affected by Heartbleed
You may have heard about the recently discovered Internet-security flaw called Heartbleed, which may have exposed people's passwords and other confidential information to hackers. Below is a list of major sites that were affected by this flaw, which means that if you use them, you should probably change your password right away:
- Gmail and other Google sites (Google did release a statement saying that its users were safe and likely have nothing to worry about. It's up to you, but changing your passwords would be the safest choice.)
- Yahoo Mail
- Amazon Web Services (This is not Amazon.com, the shopping site.)
- Intuit (TurboTax)
Somewhat surprisingly (or not, depending on what you think of them), the big banks and most financial-services companies do not seem to have been affected. Bank of America, Chase, Fidelity, E*trade, Wells Fargo and more did not suffer any risk of a security breach, as they do not utilize the particular software that was exposed.
Mashable has put together a comprehensive, easy-to-read list of what sites were and weren't affected, including statements from the companies explaining what they've done to patch the flaw or, in some cases, why they weren't affected in the first place. And if you're curious about a particular site not listed there, you can enter the address here and find out if that site is vulnerable or not.
Here are a couple of quick and (relatively) easy ways to protect yourself against identity theft and loss of other personal data (via Vox):
- Reset all your passwords using a password manager like Dashlane, LastPass or 1Password
- Use two-step verification, which requires someone to get both your password and your phone in order to access your data
- Change all of your passwords regularly, as in more than once a year or only when a company prompts you to do so
- Make a list of all your passwords and their corresponding sites. This can be a pain, but it's probably the most effective way to keep track of everything.
Last, the great Web comic XKCD has provided an important lesson about how to choose a password. Remember, using a password with a lot of gimmicks (like "Tr0ub4dor &3") isn't nearly as effective as a string of random words (like "correct horse battery staple"). Here's why:
Though be careful not to actually use "correct horse battery staple"—that one's taken.