In the wake of widespread media coverage of the Internet security debacle known as the Heartbleed bug, many clients are understandably anxious to know what they can do to protect themselves. Here’s a short primer:

The Heartbleed bug concerns a security vulnerability in a component of recent versions of OpenSSL, a technology that a huge chunk of the Internet’s websites rely upon to secure the traffic, passwords, and other sensitive information transmitted to and from users and visitors.

The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years. This does not impact your local computer passwords, for instance when you first boot up your computer and key in a username and password; those passwords are not impacted by this.

Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you’ll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn’t already compromised, but there’s also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.

Although changing your password regularly is always good practice, if a website or service hasn’t yet patched the problem, your information will still be vulnerable.

Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you’ll need to change the password everywhere. It’s not a good idea to use the same password across multiple sites, anyway.

If you would like to check whether or not a site is vulnerable, head over to

https://lastpass.com/heartbleed/

Should you have any other questions or concerns, please contact Tech Help via email or phone and we’ll be happy to answer them.