Join The Discussion

 

Group buys former Armour meatpacking site in Stockyards

The 16.8-acre site of the historic, former Armour meatpacking plant in Fort Worth’s Stockyards has changed hands, and its new owners aren’t saying anything about their plans. Chesapeake Land Development Co., which bought the site

read more >

Fresh Ebola fears hit airline stocks

DALLAS (AP) — News that a nurse diagnosed with Ebola flew on a plane full of passengers raised fear among airline investors that the scare over the virus could cause travelers to avoid flying.

read more >

Social House Fort Worth plans to open mid-November

Social House has leased 5,045 square feet at 2801-2873 W Seventh St. in Fort Worth, according to Xceligent Inc.

read more >

Ski Grand Prairie? TCU, UTA grad helping bring snow to Metroplex

For Levi Davis last week may have been a career peak, in more ways than one.

read more >

GE rises most in year with equipment order increases, including at Fort Worth locomotive unit

NEW YORK — General Electric Co. beat analysts' profit estimates in the third quarter as Chief Executive Officer Jeffrey Immelt squeezed more costs from the manufacturing units.

read more >

Protecting your passwords after Heartbleed

The newly discovered Heartbleed bug in OpenSSL could have far-reaching consequences for online security.
Credit: From Heartbleed.com

Change these passwords right now
By Jose Pagliery

NEW YORK (CNNMoney) -- Websites are racing to patch the Heartbleed bug, the worst security hole the Internet has ever seen.

As sites fix the bug on their end, it's time for you to change your passwords. The Heartbleed bug allowed information leaks from a key safety feature that is supposed to keep your online communication private -- email, banking, shopping, and passwords.

Don't change all your passwords yet, though. If a company hasn't yet updated its site, you still can't connect safely. A new password would be compromised too.

Many companies are not informing their customers of the danger -- or asking them to update their log-in credentials. So, here's a handy password list. It'll be updated as companies respond to CNN's questions.

Change these passwords now (they were patched)

Google, YouTube and Gmail Facebook Yahoo, Yahoo Mail, Tumblr, Flickr OKCupid Wikipedia

Don't worry about these (they don't use the affected software, or ran a different version)

Amazon AOL and Mapquest Bank of America Capital One bank Charles Schwab Chase bank Citibank E*Trade Fidelity HSBC bank LinkedIn Microsoft, Hotmail and Outlook PayPal PNC bank Scottrade TD Ameritrade Twitter U.S. Bank Vanguard Wells Fargo

Don't change these passwords yet (still unclear, no response)

American Express Apple, iCloud and iTunes Healthcare.gov

Lily Hay Newman
(c) 2014, Slate.
NEW YORK — You've probably heard about Heartbleed by now. It's big, bad wolf of an Internet security problem. And though it's mainly server managers who have to take steps to fix it, you can manage your passwords to help protect yourself.

The strangest thing about Heartbleed is that changing your password on a particular site only gives you more protection if that site has already applied to the Heartbleed patch and resolved its vulnerability. If it hasn't, changing your password in advance could theoretically put you at greater risk. Heartbleed is a vulnerability in a server's memory (RAM), not its data storage, so a hacker has access to things that are being called up by the server not everything that's stored on it. That means that the hacker could ascertain your new password, too.

Lists, which are being frequently updated, can tell you which websites are vulnerable and which have been patched. Once a site is no longer vulnerable, it's time to change your password. You're going to have to do this on a lot of sites, so this is the perfect time so start using a password manager.

A password manager helps you generate random, strong passwords so you don't have to think of them yourself. Then it stores your login information for every site you use, autofilling a password whenever you need one. You don't need to know or remember your passwords, because they're all stored and protected behind one master password that you make extremely strong and unguessable. I use 1Password, and my master password is a fairly long sentence (without spaces) that includes alternate spellings, numbers in place of certain letters, and punctuation.

I'll admit it. I kind of hate using a password manager. Setting it up is tedious, and it's a little unsettling to never know any of your passwords. It doesn't matter so much when you're on your personal computer and have 1Password (or your password manager of choice) running, but when you're using someone else's computer, you have to use a an app to check your password for any site/service you want to log into.

Password managers aren't about fun, though. They're about proactively protecting yourself from much more annoying, and potentially detrimental, problems down the line if your personal information gets hijacked. And they do offer a lot of useful features like super secure notes and a password generator. Many even incorporate two-factor authentication, and in our leaky digital world, it's reassuring to use a service whose only priority is security.

Good options for password managers include LastPass, Dashlane, 1Password, Roboform, SplashID, mSecure, and KeePass. There's initial effort to get your password library going, but once it's up and running it won't get in your way. And it might save you some heartache, if not Heartbleed, sometime.

---

http://on.mash.to/PTgjhh

---

Newman is lead blogger for Future Tense, a partnership of Slate, New America and Arizona State University.

 

< back

Email   email
hide
Ebola
How worried are you about Ebola spreading?