You will likely have heard of the “Heartbleed” web security bug and the concerns it has raised about the security of your user names, passwords, credit cards and other confidential information. The CBC has a good article describing the issue, and recommended ways to protect yourself as much as possible:
We do not use OpenSSL on this website, and Wild Apricot (the company that hosts our membership and email subscription software) has confirmed to us that they were not vulnerable to this bug.
This security issue is regarded as a 10 out of 10 on the impact scale since it affects approx. 2/3 of all websites that use “https” (SSL/TLS).
Before you change your password on a site, make sure that the site has updated its systems completely (check its website, Twitter account, etc. to see). If you change it before they’ve updated, you’re actually putting yourself at more risk due to how this vulnerability works. Until the site you’re going to use confirms that it’s been updated, don’t use it, especially if it’s a site where you have credit card or other confidential information stored.
Scammers will be trying to take advantage of this by sending you emails with links in them – telling you to click on those links to log in and change your password. Don’t. Do. It. Instead, type in the address of the site that they’re claiming to be from – it’s too easy for scammers to fake emails and put in bad links to their own websites.
If a site offers 2-factor authentication (this is where you have to type in a code from your phone the first time you use a new computer to log in), please use it. The biggies like Google, Yahoo, Twitter, Facebook etc. all offer 2-factor authentication. Having 2-factor authentication is one of the things preventing the bad guys who have already got our passwords from logging in while this whole mess gets cleaned up.
Although this wouldn’t have helped with this particular issue, since you’ll be updating many passwords (you will, won’t you?), this is a perfect time to start using a password manager. I like LastPass for a number of reasons, but KeePassX (open source) is also excellent and I’ve heard 1Password is good. Macs have a built-in manager called Keychain which is also good (you have to trust Apple and surveillance authorities for this one though).
Good luck and stay safe out there!