LastPass has released a new tool to show you which of your supposedly secure online accounts are at risk of being compromised, as the Heartbleed fallout continues with numerous major sites admitting to being hit by the devastating bug.
Heartbleed is the recently disclosed programming flaw in OpenSSL that would allow attackers to read the contents of a server’s memory, exposing critical information such as SSL site keys, usernames and passwords, and user data.
LastPass shows your bleeding hearts
LastPass.com LastPass now runs a security check to show accounts for sites affected by Heartbleed. (Click to enlarge.)
Not content with letting users check Heartbleed-affected sites one by one with its individual site-checking tool, the LastPass password manager now has an automated solution for its users. If you’re using LastPass in your browser, just tap on the LastPass icon and go to Tools > Security Check.
This will redirect you to the LastPass website, where the service will scan your password vault and come up with a list of sites affected by Heartbleed. The list will also tell you how old your password is, when the site last updated its security certificates, and whether you should change your password.
That last point is crucially important, because there’s no sense in changing your password on an affected site until it has been patched, as explained in PCWorld’s guide to staying protected from Heartbleed.
I’m a longtime LastPass user. When I ran the security check against my own vault, it showed a number of accounts that needed to have their password changed. While helpful, the LastPass tool wasn’t perfect, however. It advised me to wait before changing my Tumblr password, for example, even though Tumblr publicly advised users to change their passwords before the new LastPass security check was publicly available.
Nevertheless, as a quick way to head off potential problems, the LastPass integrated tool is a great place to start a Heartbleed self-audit.
Heartbleed highlights
A number of major sites have recently admitted they were affected by Heartbleed and issued fixes for their services, including:
- Amazon Web Services
- Dropbox
- GitHub
- GoDaddy
- LastPass
- OKCupid
- Soundcloud
- Tumblr
- Turbo Tax
- Yahoo