How to bypass Heartbleed

Heartbleed has been called the biggest bug ever, one that has exposed as much as one-third of all websites to data theft. Most of the big, mainstream websites and service providers, such as Google, Facebook, Yahoo and Microsoft, took immediate action, applied a patch and suggested that their users change their passwords immediately. However, because the impact of the Heartbleed bug has been huge, there are still a lot of websites out there that have not updated their security certificates. Changing passwords on these websites will not make you any safer, as the security hole has not been closed yet and your data, including your password, can be breached again. The following steps are suggested to protect your data.

Check if the bug has been fixed or not

The first logical step is to identify which websites and services have or have not patched the bug. You can check at the McAfee Heartbleed test website or use the Qualys scanner. All you have to do is enter the domain, and the tool will provide further details. Alternatively, a list is also maintained and updated by Digital Trends.

After you identify the websites that have applied the patch, change your passwords on them. There is no point in changing passwords on websites that have not plugged the hole. The password itself should be chosen wisely, and that is what is detailed next.
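The decision described above can be scripted. The following is an added example, not part of the original article: it takes the scanner's verdict as an input and adds a check on whether the site's certificate was issued after Heartbleed's public disclosure on 7 April 2014. The `advice` helper, its return codes and the sample hosts are hypothetical, and the certificate-date check is a heuristic, since a new certificate does not prove the private key was replaced.

```python
import socket
import ssl
from datetime import datetime, timezone

# Heartbleed was publicly disclosed on 7 April 2014.
DISCLOSURE = datetime(2014, 4, 7, tzinfo=timezone.utc)

def fetch_cert(host, port=443, timeout=10):
    """Fetch the server's validated leaf certificate as a dict (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issued_at(cert):
    """Parse notBefore (e.g. 'Apr 20 00:00:00 2014 GMT') into a UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def advice(cert, scanner_says_patched):
    """Hypothetical triage helper combining scanner verdict and certificate age."""
    if not scanner_says_patched:
        # Hole still open: a new password could leak again.
        return "WAIT"
    if issued_at(cert) < DISCLOSURE:
        # Patched, but the certificate predates disclosure: change the
        # password now and again once the site reissues its certificate.
        return "CHANGE_AND_RECHECK"
    return "CHANGE"

# Constructed sample data: (certificate fields, scanner verdict) per host.
SAMPLES = {
    "patched-reissued.example": ({"notBefore": "Apr 20 00:00:00 2014 GMT"}, True),
    "patched-old-cert.example": ({"notBefore": "Jan 15 00:00:00 2013 GMT"}, True),
    "unpatched.example": ({"notBefore": "Jan 15 00:00:00 2013 GMT"}, False),
}

def triage_samples():
    """Run the triage over the constructed samples, offline."""
    return {host: advice(cert, ok) for host, (cert, ok) in SAMPLES.items()}

if __name__ == "__main__":
    for host, verdict in triage_samples().items():
        print(f"{host}: {verdict}")
```

For a live site, pass the result of `fetch_cert("your-site.example")` together with the verdict from one of the scanners mentioned above.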

Two-factor authentication

Imagine that the service you use asks for an additional form of authentication, such as a code that is inaccessible to hackers, which you enter alongside your regular password when you try to log in from an unfamiliar device. Even if the password is breached, the hacker cannot get into your account on that website, since they do not have access to the codes or any other form of additional verification. This is called two-factor authentication, or 2FA. Normally, the second factor is a one-time code that is sent to the user by SMS. It can be a little inconvenient, but the additional layer of authentication protects you immensely, and you probably do not use unfamiliar devices that often. However, not all service providers offer it. You can check which providers offer it and which do not through this website. The website also contains links to instructions on enabling it if a website offers 2FA.

Use password manager

No matter how hard you try, it is very difficult to create a unique and strong password for each service that you use, which is highly recommended, and still be able to remember them all. Thus, we need something that can remember all the passwords for us. In other words, we need a password manager. A password manager keeps track of all your unique passwords and assists you with automatic logins, and if a big security issue arises, changing passwords is much more manageable with one. There are many good password managers out there, but only LastPass, RoboForm, Norton Identity Safe, and 1Password are recommended, as they are reliable.

However, taking all the above-mentioned steps does not guarantee 100% safety, but it does provide a better shield in case of an attack. Hackers and their techniques are becoming more sophisticated, and our reliance on web-based services is ever increasing. Thus, future breaches could be more catastrophic than ever.
