Friday, April 11, 2014

Keeping your accounts safe

With the Heartbleed bug in the news, people are concerned about their login accounts being compromised. Some have called Heartbleed the worst security bug in internet history. Unfortunately, this is true. Fortunately, it does not mean a lot of heartache for you or me. Companies who have to modify their systems have a daunting amount of work to do, but we don't.

Here is an article about Heartbleed that most people will be able to follow. It covers the topic well.

Should you change your passwords now or later or never? I'm sorry, but that's hard to say. It's better to change your passwords after a site's system is brought up to date, but we can't keep track of when that happens. Honestly, just take a guess and change your passwords when you want to. I suggest doing it some time between now (mid April 2014) and early May.

Remember, your bank has an interest in protecting your account and your assets. If your account is compromised and you can attest to this, they will restore things. Other companies may not be as willing to help, but they also matter less than your bank account.

One thing that really does matter is your email account. You might say that your email doesn't contain valuable information, but it probably holds more than you remember. Also, the bad guys can glean a lot by piecing together information. So do protect your email account.

One important and useful feature that Google Mail (aka Gmail) offers is 2-step authentication. Please read this article about it. There are sections on why you need it, how it works, and how it protects you. You might find it cumbersome to use at first, but I promise, you will get used to it. The benefit is very big. If you have a smartphone, an app will tell you your password of the minute. If you use a dumb cell phone, Google will text you a password of the minute.

One person heard about this and said, "They are the last people I want to hand my cell number to." Well, OK, the impulse to distrust big companies is well founded, but this is exactly where more trust of this sort is better than less trust. It is an authentication system. They want to make sure it's you, and you have a way of proving it's you that's better than just a password. You want the authentication to be strong, which is to say, you want it to be hard for the wrong people to get into your account. You have a mutual interest in this.
They take our data and use it for aggregate statistics, not for individual prying. They could conceivably draw conclusions about the number of people who have 973 area codes, but I doubt it. There is nothing to be lost and plenty to gain from using your cell phone to help with authentication. But you only have to do this if you have a dumbphone. If you have a smartphone, you'll install the app, and you won't use texts. The app will provide the password of the minute magically, and you will type it into Gmail.

One reason 2-step authentication is better than 1-step is that it relies on two types of things. Your password is something you know, whereas your cell phone is something you have. Using either as a key to open a lock is secure to a degree, but needing both is more secure than using either one alone.
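For readers who want to see the mechanics, here is an added example (not part of the original post, and not Google's code) of a login check that needs both factors. It assumes the app's "password of the minute" is a standard time-based one-time code (RFC 6238) with a 30-second window; the function names and the sample account are made up for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code window (RFC 6238 default; assumed, the post says "of the minute")

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 code for the time window containing `at` (Unix seconds)."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def login(account: dict, password: str, code: str, now: float) -> bool:
    """Succeed only if BOTH factors check out."""
    knows = hmac.compare_digest(hash_password(password, account["salt"]), account["pw_hash"])
    # Also accept the neighbouring windows so a slightly wrong phone clock still works.
    has = any(
        hmac.compare_digest(totp(account["secret"], now + drift * STEP).encode(), code.encode())
        for drift in (-1, 0, 1)
    )
    return knows and has

# Constructed sample account (the secret is the RFC 6238 test key, never use it for real).
ACCOUNT = {
    "salt": b"constructed-salt",
    "secret": b"12345678901234567890",
}
ACCOUNT["pw_hash"] = hash_password("correct horse battery staple", ACCOUNT["salt"])

if __name__ == "__main__":
    now = 59  # fixed time so the output is reproducible
    phone_code = totp(ACCOUNT["secret"], now)
    print("code shown on phone:", phone_code)
    print("owner (password + phone):", login(ACCOUNT, "correct horse battery staple", phone_code, now))
    print("thief (password only):   ", login(ACCOUNT, "correct horse battery staple", "000000", now))
```

The last line is the case that matters after something like Heartbleed: a stolen password alone does not get in, and a code that was valid a few minutes ago is useless too.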

I highly recommend this. I've been using it for years, and I feel pretty confident that no one has broken into my account, and I feel confident it won't happen soon.
