So…much has been made of a bug found in OpenSSL, the open source software that is used heavily across the internet and in computer security. There has been a lot of concern about the OpenSSL bug, known as Heartbleed (and people should rightfully freak out), but folks are forgetting something that can be an extra layer of protection:
Two factor authentication
While it WILL NOT encrypt your internet traffic, it will prevent someone who isn’t authorized from getting into your system in the event they find out or crack your password.
What is 2FA (Two Factor Authentication)? It’s basically a time-based number generated from a seed. If you have ever logged into a VPN for work and had to pull a number off a token, or get one from an app on your smartphone or laptop…that’s 2FA. You can’t get in unless your token is valid, and it is only valid for a limited time, as well as only from one computer at a time.
If you want to watch a video explaining it…here is a good one done by Google.
Changing your password is good, and you should do it (make sure you check to see if the service has been patched first); however, you need to think about the here and now. Passwords are much easier to crack than you think, and a lot of the time your user name is easily known, as are some of the challenge questions (hello? Your first job… mother’s maiden name… etc.). Security is a proactive thing and there will always be that next thing folks are after. Your digital information is a treasure trove for bad guys, and while it is easy to think “I use a hard password…”, all it takes is a sleepy developer who is running low on caffeine to make a mistake, and you have a bug that exposes your information to them. Take that next step…think about 2FA, and if the service (e.g. Google, Dropbox, your banking institution, etc.) allows for it, turn it on. When someone was trying to crack my Facebook account and email accounts, 2FA was part of my defense.
Not sure about two factor authentication or where it can be enabled? Head over to twofactorauth.org for a frequently updated list of services that are known to have it or not.
It does beg the question of “What happens if I lose my phone or I can’t access the token?” Most places provide a backup “master” password that is unique and/or one-time use. Print it out, stick it somewhere safe that you can access in case of emergency…and whatever you do…don’t stick it under your keyboard or label which account it is for. Bad guys look under keyboards and read.
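Here is what “unique and/or one-time use” looks like from the service’s side, as an added example that is not from the original post: backup codes are generated from a cryptographic random source, only their hashes are kept, and each one is deleted the moment it is redeemed, so a code copied from that printout under the keyboard works exactly once at best. The code count, length and the use of SHA-256 at rest are assumptions about a reasonable design, not any particular service’s implementation.

```python
import hashlib
import hmac
import secrets


def generate_backup_codes(count: int = 8, nbytes: int = 5):
    """Return (plaintext codes to show the user ONCE, set of hashes to store).
    Assumed sizes: 8 codes of 10 hex chars (40 bits each). Because the codes are
    high-entropy random values, a plain unsalted SHA-256 is enough at rest."""
    codes = [secrets.token_hex(nbytes) for _ in range(count)]
    stored = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
    return codes, stored


def _digest(code: str) -> str:
    # Normalise user input (users paste with spaces / uppercase from a printout).
    return hashlib.sha256(code.strip().replace(" ", "").lower().encode()).hexdigest()


def redeem_backup_code(stored: set, submitted: str) -> bool:
    """Consume a backup code. Valid exactly once: on success the hash is removed,
    so a replay of the same code is refused. Comparison is constant-time."""
    digest = _digest(submitted)
    for stored_hash in list(stored):
        if hmac.compare_digest(stored_hash, digest):
            stored.discard(stored_hash)
            return True
    return False


def remaining(stored: set) -> int:
    """How many unused codes are left; a service would prompt for regeneration near zero."""
    return len(stored)


if __name__ == "__main__":
    codes, vault = generate_backup_codes()
    print("show these once and never again:", codes)
    print("first use:", redeem_backup_code(vault, codes[0]))    # True
    print("replayed:", redeem_backup_code(vault, codes[0]))     # False
    print("codes left:", remaining(vault))
```

If the printout is lost, the right move is to regenerate the whole set (which discards every old hash), not to keep trusting codes that may now be in someone else’s hands.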