Should you worry about Heartbleed?

Short answer: yes. Here are some ways businesses and individuals can keep their information safe

BRATTLEBORO — The news media and the Internet have recently been filled with stories about Heartbleed, a previously undetected flaw in the coding of the security infrastructure that makes up much of the web.

The simplest explanation is that someone aware of this exploit could potentially access your passwords to all of your online accounts. It is considered by some to be the biggest threat on the Internet to date.

Businesses and individuals don't so much need to understand the specifics of what Heartbleed is and isn't as they should know what they can and should do in response to its exposure.

Many of the security weaknesses brought to light by the Heartbleed exploit will have been resolved. Most of the responsibility for fixing this problem belongs to those who host and maintain web domains.

But until the fixes make their way onto web servers worldwide, those of us using the web should do a few things immediately.

As someone who has worked on a lot of computers over the years, I can say that maybe 3 percent of us are taking full advantage of the many ways to keep data and identity private.

If you or your business has a website, you can start with your web hosting service to see where it is in responding to Heartbleed. Most hosts will by now have either communicated with their clients or posted information on their own respective websites, so start there.

And as for your use of other websites? Following are a few tips for home users and businesses alike.

* * *

Passwords: Even text-based passwords will become passé at some point in the near future, but for now, it's the way of the web. So as long as we're using letters, numbers, and symbols, we need to create the most secure passwords we can.

Password crackers and programs designed to run billions of combinations a minute mean that the only defense is pure luck and as random a series of characters as you can comfortably combine. Say goodbye to easy-to-remember passwords like “fido1234” in favor of a longer string of characters and symbols.

Even better is a generated password of random characters.

For now, I've been advising my clients to change all their passwords now, then again in a few days, and then thereafter in regular cycles.

* * *

Password managers: Memorizing sufficiently secure passwords can be nearly impossible, a problem that password managers solve.

Software and apps like LastPass, Dashlane, Keeper, and others are growing in popularity. They not only allow you to store a list of your existing passwords but also to generate new and complicated passwords any time you like.

Many of these services are free and, for just a few dollars, some will offer premium advantages for even more usability and ease. And most will install into your web browser for fairly seamless operation.

* * *

Browser extensions: Most of the popular web browsers like Chrome, Firefox, Safari, and, yes, Internet Explorer (if you must) offer add-ons and extensions to bolster your security and reduce your overall risk on the Internet.

To address the security crisis of the moment, Google's Chrome offers an extension called Chromebleed that will flag a site that is a security risk from Heartbleed.

Well beyond that resource are many, many free extensions to provide other layers of protection. Among the most popular and effective are HTTPS Everywhere and Web of Trust.

This software is free, easy to find, easy to install, and easy to set up. If you don't think it's so easy, someone who loves you will do it for you if you ask.

* * *

Two-step verification: This is one of the easiest and most effective ways to ensure that you, and only you, can sign in to your accounts online - and it's also barely used by anyone.

Two-step verification adds another layer of security to your account, greatly reducing the chances of having the information in your account stolen.

To get into an account that's locked down with this technique, evildoers would not only have to know your user name and password, but would also have to be holding your phone.

* * *

Common sense and due diligence: Many of the biggest security threats online could be drastically reduced if users would engage their own instincts more and even automate routine safety and data safety settings. Above all, be aware that, just like in real life, most people are operating benignly, but some are not.

Sadly, we have to adjust our protections for that minority that chooses to not play fair. So as you move around the Internet, be aware that any transaction or exchange of money on the web has the potential to be exploited by someone.

When in doubt, don't. Then check with someone who knows.

There are many additional layers of protection available - some for free - and a number of other simple changes that users can make in light of Heartbleed.

But perhaps the silver lining to this problem is a renewed opportunity for us all to examine our Internet habits and security. Despite the breadth and depth of this problem, it's quite possible that the public awareness of Heartbleed will lead to a new and much-needed approach to privacy, security, and passwords.

In the meantime, protect yourself and your data (and, for businesses, your customers' information), and consult your favorite computer technician with further questions. This is definitely a topic worthy of your time.