Heartbleed Bug: How to Protect Yourself

Certain websites, including Yahoo,, Pinterest, among others, were recently exposed to a major security bug called Heartbleed. The bug has the potential to expose private information to cybercriminals, including passwords and access to credit card information that users enter into websites, applications, email, and even instant messaging services.

Heartbleed could be one of the biggest security threats the Internet has ever seen. If you have logged into any of the affected sites over the past two years, your account information could be compromised. Fortunately, there are things you can do to protect yourself, such as:

  • Check whether the sites you use are affected. If you don’t want to read through the long list of websites with the security flaw, the password security firm LastPass has set up a Heartbleed Checker, which lets you enter the URL of any website to check its vulnerability to the bug and if the site has issued a patch. You can also access a quick list of popular websites and whether they were affected on
  • Change your passwords for major accounts, including email, banking and social media logins, on sites that were affected by Heartbleed but patched the problem. However, if the site or service hasn’t patched the flaw yet, there’s no point to changing your password until they have done so, so be sure to wait for notice or check with the company.
  • When choosing a password, don’t choose one that is obviously associated with you, such as your pet’s name. Don’t use words that appear in a dictionary, because as incredible as it seems, hackers can calculate the encrypted forms of whole dictionaries and easily reverse engineer your password. It is best to choose different passwords for different sites that include a mixture of unusual characters or a phrase that you can easily remember, where you substitute numbers and characters for letters

For more details about Heartbleed, visit, the official page covering the bug.

As you can see, changing your passwords is one way to protect your digital accounts while you are alive. However, what happens when your loved ones need access to your online services when you are deceased? One way to protect digital accounts would be specifying digital assets in your estate planning documents and specifically giving control over these digital assets to your executor or trustee, who could then take over upon your death.  An easier way is to store all of your digital user names and passwords in a secure password safe, such as keepass or lastpass and give your executor/trustee the password and location of the password safe or the means to locate your master password, such as by writing down your master password and putting it in an envelope in your safe deposit box. Read more about this on our blog post about digital assets.

If you don’t have Estate Planning, Incapacity Planning, or Long Term Care Planning in place, now is the time to get started.  Call us today in Fairfax at 703-691-1888 or in Fredericksburg at 540-479-1435 to set up an appointment for an introductory consultation.


Print This Page
About Evan H Farr, CELA, CAP

Evan H. Farr is a 4-time Best-Selling author in the field of Elder Law and Estate Planning. In addition to being one of approximately 500 Certified Elder Law Attorneys in the Country, Evan is one of approximately 100 members of the Council of Advanced Practitioners of the National Academy of Elder Law Attorneys and is a Charter Member of the Academy of Special Needs Planners.