It’s still unclear how severe the Heartbleed security problem is. We’ll know more as time goes on, but for right how, here are some suggestions for what you should do.
- Change your passwords, but only after a site notifies you to do so. Changing them too early may mean that you’ll just have to do it again.
- Check the latest lists of sites affected by Heartbleed, and their current status. LastPass users can check to see whether their passwords should be changed.
- When you change your passwords, make them something that is used only in one place. Using the same password multiple times is asking for trouble.
- Use a password manager like LastPass, KeePass and 1Password. This is the only way to manage individual passwords for every site you need to log into. (1Password is offering their software at a discount as of this writing.)
If you own or manage a website, you should:
- Check to see if it uses the https:// protocol for secure logins. If it does, you will have purchased an SSL certificate, and this may have to be revoked and reissued. But almost all websites for CHCS clients do not use the https:// protocol, so they do not need to be updated.
- Check to see if any third-party application you use (like shopping carts, form builders, and the like) is recommending that you change passwords. Again, they will notify you if and when you should do so.
- Make sure that you have updated any software your site uses (like WordPress and its plugins) to the latest versions.
CHCS continues to monitor the situation closely, but we encourage you to do so as well.