
DSS IT Recommendations on Heartbleed Bug

Many DSS IT customers have asked for our advice on what action they should take in response to the Heartbleed bug.

Our recommendations to DSS IT customers are:

1. Until a given website has patched the Heartbleed bug, there is no point in changing your password on that site. You would just be risking further exposure, since the new password could leak from the still-vulnerable server. One of the most comprehensive lists of sites that have been patched can be found at: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

2. After a site has confirmed that it has been patched for the Heartbleed bug, you should change your password. Most major websites are sending out notifications to update users on when to change passwords. But BE CAREFUL to verify that any notifications you receive are not phishing scams. You can find our tips on spotting phishing scams here: http://it.dss.ucdavis.edu/training/phishing

3. When you do reset your passwords, be sure to follow the best practice of using different passwords on each website.

4. Since creating and remembering so many different passwords is difficult, consider using a password manager service. DSS IT uses LastPass.com internally, as do many of our customers. LastPass offers both free and paid tiers of service.

5. While UC Davis is not requiring users to change their Kerberos passphrase, DSS IT does recommend that you do so. You can change your passphrase at http://computingaccounts.ucdavis.edu/.

 

The Wall Street Journal has an excellent video that can walk you through the steps above:

http://live.wsj.com/video/heartbleed-change-your-passwordscarefully/F3DDAE69-31C7-4E8D-B7C0-306A6E3CD680.html