Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

February 26, 2024

Live Life Use Passkeys

On episode 413 of Geekiest Show Ever, Elisa and Melissa discuss the answer to life, the universe, and how it could be passkeys. We have helpful links in our full show notes. Do you have questions about what you heard in this episode? Please send us your feedback. Follow us on Mastodon for additional tips and conversation. We’d like to hear from you, so let us know which tech topics interest you most. Find Melissa here and find Elisa here or here. Geekiest Show Ever is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Products made by Apple mentioned in this podcast are a trademark of Apple Inc., registered in the U.S. and other countries and regions. Episode artwork by Melissa Davis. The passkey icon is a trademark of FIDO Alliance, Inc.

Passkey Directory – FIDO Alliance

Passkeys.directory – 1Password

Unlock 1Password with a passkey (beta)

Melissa’s Passkeys presentation for Tucson Macintosh Users Group

February 21, 2024

Passkeys Presentation for TMUG


My Passkeys presentation for TMUG (Tucson Macintosh Users Group) begins at the 49:12 mark.
This was the first time I gave this presentation. I plan to polish it up and post more about it again later.


References

  1. What is a Passkey? Demo — passkey.org by Yubico
  2. What is a Passkey? Demo —passkeys.io by Hanko
  3. Passage Register — 1Password
  4. Passkeys.directory — 1Password
  5. FIDO Alliance Passkey Directory
  6. Keeper Security supports passkeys for effortless authentication
  7. Make your passkeys and passwords available on all your devices with iPhone and iCloud Keychain — Apple
  8. February 16, 2024 Authenticate 2023: The role of credential managers in the past, present, and future of authentication with Anna Pobletts – FIDO Alliance
  9. February 13, 2024 Passkeys might really kill passwords with Anna Pobletts of 1Password — The Verge
  10. February 8, 2024 I Stopped Using Passwords. It’s Great—and a Total Mess by Matt Burgess – Wired
  11. January 16, 2024 How to save, share, and manage passkeys using 1Password by Nick Summers — 1Password
  12. December 29, 2023 A Passwordless Future Passkeys with Anna Pobletts of 1Password — Syntax
  13. December 20, 2023 Passwords vs. Passkeys - FIDO Bites Back! with Jeff Crume — IBM Technology
  14. November 20, 2023 FIDO Promises a Life Without Passwords with Jeff Crume — IBM Technology
  15. November 4, 2023 Passkeys Email to Friends and Family by Allison Sheridan — Nosillacast
  16. August 22, 2023 About the security of passkeys – Apple
  17. May 24, 2023 Should You Use Passkeys Instead of Passwords? by Amira Dhalla, Yael Grauer — Consumer Reports
  18. May 12, 2023 Passkeys may not be for you, but they are safe and easy—here’s why by Dan Goodin – Ars Technica
  19. December 2, 2022 About Passkey — Know A Little More with Tom Merritt
  20. November 16, 2022 Seven Misunderstandings About Passkeys by Nick Hodges — Passage by 1Password
  21. May 14, 2022 CCATP #728 —Bart Busschots on Why FIDO Passkeys Rock by Bart Busschots — Chit Chat Across the Pond
  22. February 28, 2016 Introduction to the Technical Debt Concept by Declan Whelan, Jean-Louis Letouzey — Agile Alliance
  23. Unlock 1Password with a passkey (beta) — 1Password

June 30, 2021

Setting up iPhone for Vintage Users in a Dignified Way

basic iPhone home screen
I was a guest on Allison Sheridan's Chit Chat Across the Pond where we had a great discussion about how to help inexperienced smartphone users of an advanced age group by setting up a new iPhone for them or optimizing the one they already have.

I hope you enjoy listening to the show as much as I did helping to make it. Allison and I could talk for days on this subject and I think you'll be able to tell. :)


Here are the show notes I composed for this episode. It's super long and I've modified it to add some new tips I thought of after the recording, but I hope it can be used as a reference guide for those who might be struggling or need some additional tips when working with their loved ones or assisting a friend in need.

Alternative HTML5 Audio Player

Problem to be Solved: simplifying a complicated device to meet the basic needs of a user with limited touch interface skills while helping to preserve their autonomy in the process.

Recurring things I have observed to be helpful
If it causes more problems than it solves, it’s time to reevaluate.

This is not a complete list and it can take days or even weeks of tweaking, exploring, and experimenting to get someone’s device set up to be the most optimal for their needs, but it’s a good place to start thinking about the most necessary features and settings. Start by doing the initial setup and then make adjustments as the person you're helping gains more confidence and experience. If there is something they don’t like, take time to listen to their needs.

In the beginning it can be really hard for them to ask for help when they don’t know what something is called in order to phrase the question effectively. Aim to reduce whatever is causing friction by asking them what task they’re trying to accomplish. Maybe the text is too small or the screen doesn’t stay lit long enough for them to finish their question, but they weren’t sure how to convey that to you. 

Always check and ask for consent as you go. They might not understand what it is they are consenting to though, so try to explain your intent to help them be more secure with their new device and how the setup is intended to help them use it more easily and securely. Trust is paramount and they’re relying on you to help.

February 22, 2021

Locked Down

Hacking and scamming incidents are on the rise. It’s a sad fact of pandemic life now, but on episode 351 of Geekiest Show Ever, we’re here to tell you that you can take back some control if you know what to look out for and how to implement best practices. We will give it to you straight because we believe that online security should be a regular part of our overall well-being. It’s why we so frequently discuss security issues and using password managers. Tune in to hear us share our field experience for ways to help your loved ones become safer in our digitally connected world.


Photo by Danielle MacInnes on Unsplash
⏯Audio file is here: http://www.mymac.com/podcast/GSE/GSE351.mp3 🎧

🦉Follow us for even more helpful information: 

August 18, 2020

Uncomfortable, but Do-able is My New Mantra

Passwords for kids — this has been one area where I’ve had to compromise & it’s been uncomfortable, but do-able. It’s part of my job to teach cyber security to people, yet schools insist —and subsist— on using terrible passwords, but I get it. I don’t like it and I don’t agree with it, but I get it and I accept it even though I’ve worked very hard to teach my family the value of digital security and password hygiene.

When they have to use a site or platform that doesn’t allow for password changes, I remind them that it’s not how we do things, but for the type of educational service and limitations, we can compromise.

My kids have been using a password manager app since they were very little. But when it comes to using school laptops where personal apps can’t be installed, and for when they were too young to have their own smartphone to use as a look-up tool, we devised a plan. 

Normally, I advise against re-using passwords, but as in this case of compromise, I allow it to a degree. For each child, we come up with a password that is something unique, hard to guess, but easy for them to remember and develop muscle memory for typing. Once we’ve picked & practiced the base password, for each new site or platform they register, we use an abbreviation or short name for the service or product and tack it into the end.

Example:
MyGr8password becomes: MyGr8passwordGoog
MyGr8passwordScoolgy
MyGr8passwordIC
MyGr8passwordOffice
MyGr8passwordCanv

I still have them keep these logged into their password managers then, when necessary, we can print out a screenshot instead of hand-writing them each time to save on guessing whether someone wrote a 1, l, i, 0 or O. A spreadsheet or word processed document could work too, if that’s an accessible tool for parents. Be sure to choose a font that makes letters and numbers distinguishable from each other. Courier font is a good choice.
Tips for Surviving Remote School by Devorah Heitner
Here are some really terrific tips I love to share from Devorah Heitner, author of Screenwise. If you haven’t read her book already, I highly recommend it!

 

November 3, 2018

Paper Bank Statements Don't Keep You Safer

Do you trust your iPhone or iPad for safety in banking? If not, what do you trust more that you feel reduces your risk?
If you think paper statements, then it may already be too late.
If you prefer a desktop computer or laptop web browser over a mobile app that has dedicated access tied directly to your bank, consider the risks of malware and viruses you could be exposing yourself to from desktop websites compared to mobile.
Here are some useful articles on the subject:
Don’t want to store your banking information in a password manager because you know it by heart? Crooks are counting on you to know this info by heart so that you can be phished into giving it up more easily. If you have to stop, then go get the info from a password manager, you’re much more likely to keep yourself safer because the act of looking it up will make you think twice about the reason why you’re looking it up instead of just giving out the answer.
Hack your own brain, metaphorically, by placing some bright, yellow safety tape over that step that was about to trip you and cause injury.

June 2, 2015

How To Update Adobe Flash Player: A Walk-Through

Hand-Made Mac Tip:
How To Update Adobe Flash Player On A Mac — A Walk-Through
with Step By Step Pictures

I get many requests for how to do this, so I thought I'd make a tutorial.
I hope this is helpful and helps keep you SAFE from hackers!

So, you're surfing along on the Internet in Safari or whichever browser you choose and all of the sudden, this window pops up out of nowhere! It seems to do this fairly frequently!

Why? Because Adobe is constantly patching its software to keep the bad guys out and they need to send you an update. While you don't want to ignore these updates, you don't want to get tricked into putting something harmful on your computer by the bad guys pretending to be Adobe either.

Follow these steps to do it the safe way:

Here is the window that pops up. Even though this one may be legit, lets pretend it's not and go get it from the source making sure we are the one making all the calls.




You may have to repeat these steps if BOTH of these plugins have updates. Most times it's just one or the other. You will see a message that says you're up to date if none is needed. If an update is available, it will say so like shown in the next image.

























Wow. 14 steps! They sure don't make it simple, do they  Why do we even need Adobe Flash anyway? 
It's one of those necessary evils that's called a plugin. It's like a supplement for our computers. Without it, we wouldn't be able to process certain multimedia content like videos or interactive graphs. Lots of banking websites still require it to make their websites function the way they were designed to be viewed by the visitor. They want to display information in a chart and it may have some type of animation. To you it may be overkill, but to the web designers, this is the choice they made. 
What if I don't care about updating it? Can't I just skip it? 
Sure, but you do so at your own risk. You could be allowing the plugin you are currently using to operate with a "hole" in it — one the bad guys could get through to compromise your security. Better safe than sorry.

April 26, 2014

Don't Let Your iPhone Spill The Beans

I have experienced iPhone theft twice. The first time was with iOS 6 and we recovered it within 24 hours with police assistance. The second time on iOS 7, not so lucky. This is life. My hope in revealing this experience is that our loss will be your gain and maybe you'll have a better outcome.

Update: I published this piece in April when our second iPhone had been stolen by a student in a classroom several months prior. I am happy to report that I have successfully recovered the stolen iPhone! I did keep pinging it by using Lost Mode to send a message to the screen, and finally someone decided to text me and tell me they "found" it. Long story short, the iPhone was allegedly "purchased from a friend" and the person's girlfriend tried to restore it and discovered the message. We had to "pay off" this individual for a small sum of money, but we got the phone back and no data was lost or compromised. We had changed passwords just to be safe. I will write more about this story in another post because I learned a lot more about the recovery process, but I want to do some more penetration testing to document it properly. This will involve temporarily sacrificing one of the kid's iPhones then restoring it. Hey, drills are important though, right? It appears as though enabling Lost Mode removed the data from the phone, because when we got it back, it had been wiped with just my Lost Mode message on the screen. Did it get wiped when someone attempted to restore it using iTunes? It had been locked the whole time, so we're pretty sure data stayed safe as it passed between several middle-schoolers, but I still want to play hacker and see. Stay tuned!

Here are my experiences with the Find My iPhone process

I really, really wish Apple would require a passcode or fingerprint ID in order to disable connectivity from Control Center so that a thief can not do it by enabling Airplane Mode and/or disabling Wi-Fi, but sadly, that is not the case and it does not bode well for us.

I believe we were able to recover the first iPhone because the thief couldn't take it offline unless he powered it off, let the battery die or went to a location with no coverage. Control Center was not a feature in iOS 6 at that time. Lucky for us, he chose to plug it in and charge it so it remained locked and online. (We know he tried to hack it, because we got it back without its Otterbox case.)

When you suspect your iPhone has been stolen, you should immediately report the theft to police so you can be issued a police report number. Once you have that number, if you can track the phone to get a location on a map, you can call 911 (they told me it's ok) and a police officer will meet you at the location to offer assistance. They will ask you on the phone how accurate the GPS signal is and you can tell them within 10 feet of the suspect. You will need to tell them cross streets or landmarks. I found it helpful to take screen shots (command-shift-4) and note the location on the iCloud map then plug that information into Google Maps because from there, you can look up "what's here" and get local landmarks or businesses. We were able to meet the police officer at a nearby 7/11 to retrieve our phone. After this first incident, I realized how handy it was to have our family photo or something with a picture of the phone's owner on the lock screen because this way, the police officer took one look at us, knew the phone belonged to us and handed it over with no additional paperwork.

We should have more control over Control Center


While you'd think it's just as easy for a thief to power the phone off, where's the fun in that? Maybe they want an extra flashlight, timer or calculator in their pocket or they want to take selfies with the camera in case you do get your phone back so you can see all the fun you missed while your phone was away. All of those features are still available from iOS 7's Control Center while the phone is locked and offline so their friends will think they're cool. I think Apple should also make it so that the phone can not be powered off while in Lock Mode. Again, this is not currently the case, but I hope that changes in a future update!

Punks, thugs and middle-schoolers steal iPhones for the thrill of it. It's like a bug to a cat. First they pluck its legs off so it can't go anywhere and then they just bat at it to torture it.

All it takes is a quick swipe up from the bottom, a tap on the airplane icon and now you can probably get away with wiping it and restoring it if the owner wasn't smart enough to enable Find My iPhone. By the time you realize it's been stolen, it may be too late.

I think you should have a choice of what shows up in Control Center. I am not a frequent flyer and I'm fine with unlocking the phone and going to Settings to enable Airplane Mode. I mean, how hard is it? I get that it's a convenience and encourages more people on planes to disable connectivity easily, but leaving it available to disarm the wonderful security features of Find My iPhone? Is the convenience really worth the security risk? I'd like to see the ability to customize that area or disable the connectivity icons for Airplane and Wi-Fi altogether. Of course, having Bluetooth there has come in very handy for me, so I'd like to see that stay. I just think that disabling settings which compromise security should be passcode or fingerprint Touch ID protected. Make it a choice and I'll choose it.

If you swipe down from the top, you get the handy, dandy Notification Center. Check it out for yourself. What kinds of revealing information would your iPhone's thief be able to mine from the lock screen before it goes into Lock Mode? Saucy text messages? Your next appointments? Just something to keep in mind if you and your device become separated. I've heard people say they don't care much about their phone if it goes missing — it's just a thing, right? Ok, but this thing has a lot of bells and whistles turned on by default for your convenience and I'm here to tell you to take a closer look at this thing.

You may refer to me as Mistress Protector of The Experience and heed my advice or else pay the price. Muwahahahaha! (Ok, someone seriously needs to make me a new avatar now.)

Even though lack of connectivity creates a pressing problem, it's still incredibly important to set up Find My iPhone because of Activation Lock — available only in iOS 7. While your iPhone is offline, you will not be able to track it, but at least you'll know your data is safe. You can access this app by logging in on another trusted iPhone, iPad or iPod touch that has it installed or any computer where you can log in to www.icloud.com and click the Find My iPhone web app. I've even had a trusting family member on the other side of the country ask me to log in on their behalf to track their device when they had no other alternative at the time. The commands you issue will show as pending and if your lost or stolen iPhone ever resumes connectivity, it will receive the command and complete the action such as enabling Lost Mode or sounding a audible signal. Of course for ultimate, added protection, I encourage everyone to use a password manager and never store their passwords in the browser (Safari). I've said it before and I'll say it again, 1Password is good for this plus it even has a built-in browser.


Find My iPhone in the iOS App Store


It is crucial to get your iPhone into Lost Mode immediately

Siri from the lock screen is an awesome, awesome feature and I really miss using it that way, but there were some disturbing revelations during my testing. To see what I mean, try these little exercises while imagining you are the thief who has your iPhone in their hot little hands. While your screen is locked, press and hold the Home Button, wait for the 'beep beep' then ask,

"Siri, where do I live?"
If the thief gets a guilty conscience, they can always drive to your home in the middle of the night and put your phone in your mailbox, right? Um. Yeah.

If you use Find My Friends and have locations enabled:
"Siri, where is my spouse/husband/wife/child/_____?"
Now the thief knows both where you live AND that you may be home alone and for kicks, they can go stalk your spouse/child/other in the parking lot. at night.

Even if you don't use Find My Friends:
"Siri, who is my spouse/husband/wife/child/_____?"
Now the thief has the contact information for that individual if you've made the connections in your Contacts under Related Names. Of course it's not too hard once they figure out your name to start poking around in your Contacts using Siri to rat you out.



Siri will only work if there is an internet connection. Lost Mode disables Siri!

This means a thief has from the time they pilfer your phone until you initiate Lost Mode to mine your sensitive information by getting Siri to spill the beans on you. If the thief disables connectivity by enabling Airplane Mode or disabling Wi-Fi or both, then Siri from the lock screen will no longer work, but your iPhone will show as offline when you try to track it. At this point, you better hope the thief hasn't taken notes.

I still love using Siri for these features and I rely on Find My Friends a lot, but from now on I'll be doing so only after unlocking my iPhone with my fingerprint Touch ID! It's almost as fast anyhow on an iPhone 5s. (You'll still need a PIN or passcode on older models.)

Find Friends in the iOS App Store


A note on the audible signal

This Find My iPhone feature comes in really handy when you suspect your iOS device is lost somewhere near by like a sofa, under the bed or in a child's room. You can hear the sound even if the volume has been muted or turned all the way down. The signal will sound until one of two things happens: (1) someone presses the volume button to stop the sound or (2) you unlock your phone with your code. Um, you do have your iPhone locked with at least a PIN, right? Do it RIGHT NOW if not! Tsk. Tsk. I mention this because I don't want you to be under the impression that some thief could have your phone and it will just keep wailing and dinging because, unfortunately that's not the case! Again! It's easy to just press the sleep or volume button and it will silence the annoyance. I think the damn thing should just ding incessantly until it's been unlocked so that if a thief does have it, it's obvious like that dye in pools that follows you around if you pee in it! (so I've been told)


Remote Wipe

If you think your phone is just lost, you might want to give it a little time, but if you know it's been stolen and have no hope of getting it back, then you should probably wipe it remotely using Find My iPhone. Just know that if you do this, there's no hope of ever recovering your phone using the hi-tech methods currently at your disposal. Unless you are in clear and present danger, the police will not track your phone or trace phone numbers coming from people claiming to have your phone. (I asked when I filed the police report.) They will assist you to go retrieve the phone and it is ok to call 911 for that reason. I prefer to hold out hope and try to ping it every so often in hopes it will come back online at some point. Maybe, just maybe the message will get across while I'm obsessing over something else in life.

So, of course, the answer for now is to just disable all of this stuff from showing up on your lock screen or from being accessible from Notification Center or Control Center or Siri while locked. And welcome back to iOS version 6 something or other.

If you do choose to keep these features enabled for convenience, then you had better be the type of person who treats their iPhone as an appendage and never leave it out of your sight. Only you can decide where that balance between convenience and security lies and I hope my experience, time and report here helps you make a more informed decision.

Label It

One more tip and surprise, surprise, it's something low-tech. Get or borrow a label maker and label your devices — all of them! Of course it probably won't do much good to put your cell phone number on your iPhone's label if you lose it since you won't be able to answer it right away! Put a different phone number on that label, like your spouse's mobile or your landline or even a Google Voice number that will ring or text your replacement cell or that of a friend you trust. This way, if a good samaritan finds your dead iPhone months later, they can call you or text you on a number where you can be reached. I think cell phones are best because they can receive a text in case it's someone who can't figure out that they need to tap the green number on the screen.

Here's a label maker I love. You can get thin, transparent tape for it and it looks really nice on along the side of your iPhone or on the back of your iPad — almost as good as an engraving. You could even put it on the side that has the SIM card port to deter a thief from removing it. I chose to put mine along the side with the volume buttons in hopes someone will see it there. I keep a transparent case on my phone, so this is visible through it, but I removed it here for the photo to give you a better idea. The labels are pretty strong and hard to peel off.


Do yourself a favor: stalk yourself!

To test all of this, I simulated different scenarios with and without connectivity. I disabled my home router and enabled Airplane Mode. I was able to play around with the features in the lock screen before putting the phone into Lost Mode then I could see what would happen and what wouldn't. I encourage you to do the same with your own phone. Test out these features now so that if it ever happens to you, you'll be better prepared.

 #YaMightLearnSomethin #PSA #Rant #Security #LessonsLearnedTheHardWay

Bonus Points if you got Rickrolled by reading Apple's knowledge base article on Control Center

April 11, 2014

Help for Heartbleed Heartburn

Have you heard about the Heartbleed Bug in the news? You may have seen its logo plastered across your screen at some point. I wonder if sales of antacid are on the rise right about now because I bet it's causing a lot of heartburn lately. If you are not overly concerned with this news at the moment, I'm not here to send you into a panic, but identity theft can really take its toll if you're not prepared. I know from experience and it's not the sort of thing I wish on anyone.

It's a whole lot easier to float down the river in a boat without a hole in the bottom of it! Managing your login credentials and maintaining good passwords helps you stay aware and on the lookout for anything nefarious. I know too many people who use the same password, or a variation of it, over and over again because when given a choice between security and convenience, most will choose the latter.

If you have a credit card, you should be used to the idea of change by now. Your credit card has an expiration date on it and each time they issue a new one, even though the number may remain the same, the security code on the back changes. Websites or software products with login screens like those used for banking, payroll access, insurance, healthcare, etc. require a periodic password reset in order to access it, but there are a lot of websites that do not require this and so people become complacent. Of course changing your password is not the be-all-end-all, but it certainly helps to thwart attackers. You lock your home and car while away, so why leave the all the keys under the door mat? A thief will likely check there first. If it becomes public knowledge that you stash your keys under the potted plant next to your door mat, ya might want to change your locks and start keeping your keys a little closer from now on.

I'd like to take this opportunity to educate you on how you can strike a balance between security and convenience, so pop some of your favorite flavored chalk or antacid and here we go:

Get a Password Manager
Now, I just told you not to use the same password for each site which I know sounds like a tall order, but what if I told you that you could memorize just ONE really, really good master password, hide it really, really well and let that be the key that securely stores and unlocks all the other keys? Doesn't that sound much easier than having to remember or write down a bunch of stuff only to forget where you put it or maybe later not be able to tell if you wrote the letter 'O' or a zero. Six times over? Remember though, keep this master key close because it's the key to your city. If you suspect it has ever been guessed, change it and guard it closer.

The app I've chosen to invest my security in over the past several years is 1Password by AgileBits. It has worked so well for me and my family that I am using it with more and more of my clients. It saves so much time and energy when they put it to use. When threats or security maintenance protocols create the need to change passwords, using this password manager makes it easier to document and store the new information, securely. Everything you enter into this software is for your eyes only unless you decide to share it with someone you trust who also has 1Password so they can lock it away in their own vault. This is extremely helpful for use in families and between colleagues. You can use iCloud or your own secured Wi-Fi connection to sync between devices so that your information is not intercepted while syncing.

At the time of this posting, there is a sale on 1Password and I highly recommend that you have the latest version. If you still have the older version, now is the best time to upgrade because they've added a lot of new features. There is one app that will work on your iPhone and/or iPad and another app that works on your Mac. You sync them with each other and all your information is secured on all your devices! While both pieces of software are on sale right now, it's really worth the price when you see what all it can do. The developers are constantly polishing this app and they stay on top of all the security risks so you don't have to. All you have to do is click these links and the App Store on either iPhone/iPad or Mac will take care of the installation process. It's very easy.


1Password for iOS on iPhone/iPad/iPod touch


1Password for Mac OS X








Learn How to Use Said Password Manager
Once you've installed 1Password, my good friend, Don McAllister, at ScreenCastsOnline has kindly published his instructional video tutorial for free. You can watch it right here. If you like his method of instruction, you should really consider subscribing to his other videos! A free trial membership is available.


Lists of Sites That Have Been Affected
If you've ever signed up for any of the services listed below, you need to change your password. It doesn't matter if you signed up and then never used the site again. If you're like a lot of people, you may have used the same password there that you use in other places. That makes you more vulnerable because that's what hackers will assume when they target you. Just go to the site and change it anyway. Be sure to use the auto-generation tool in your password manager so that you're using a password you'll never use anywhere else. Don't worry about memorizing it because you'll just copy and paste it when needed. If your password is ever extracted somehow, like in the case of a bug like Heartbleed, the fact that you can change it and update your login credentials more efficiently WILL keep you safer. If you plan on abandoning an online service, just be sure no personal or financial details like a credit card are linked to the service in question and if you really do not plan on using it, maybe now is the time to close it off.

Here are some of the big ones I could find where you should change your passwords because they have been patched by now:

Facebook
Instagram
Pinterest
Tumblr
Twitter
Google
Yahoo
GoDaddy
Intuit Turbo Tax
Dropbox


If you use any of their related services like Gmail or Yahoo Mail, for example, you should change your passwords at their websites first and then don't forget you need to make that same password change in the settings on all the devices you use to access that service. For example, if you change your password for Google's Gmail service, then you need to plug that same new password into the Settings section on your iPhone, iPad and/or Mac. Using 1Password makes this easier because you just copy and paste it into the boxes calling for it.

Sites With More Complete Listings:
The Heartbleed Hit List: The Passwords You Need to Change Right Now
Here’s A List of Websites Allegedly Affected by The Heartbleed Bug (updated)

What is the Heartbleed Bug?
Here are some links to easy-on-the-eyes articles if you want to educate yourself further on what this bug is and why it's important to act. It's a lot of information to digest and even then it still might not make sense, but I tried to pick articles that explain it a little easier than most.
Heartbleed, the new OpenSSL hack: How does it affect OS X and iOS?
Heartbleed: What You Need To Know About The Security Fiasco In Three Minutes Or Less

Check Your Router
Apple made a statement quoted here saying Apple products are not affected. If you have an Apple-branded router used to connect to your modem , e.g., Airport, Airport Extreme or Time Capsule, it is not affected. Linksys routers are also not affected according to their statement issued here. I'm not yet sure about Netgear or other companies. If that changes, I'll update this post. If you use a router other than those who've already issued statements to get your wireless devices connected to the internet, contact the company who makes it to find out if they've issued a patch. If so, change your passwords.

There is a password used to manage the device and then there is also a password used to connect to the device. You may have given the latter password out to family and friends who have visited your home and connected to your Wi-Fi. You'll need to give them the new password when they visit next time. I've found it helpful to write or print out the password (so it's legible) and tack it to the fridge or someplace accessible so you can just hand it to your guest and they can enter it in their device. (Just don't forget to put it back!) If the manufacturer has not issued a statement saying their product was affected, just wait. Unless you registered your warranty with their site, you'll need to check this on your own as it's unlikely you'll get an email about it.

Additional sources for this post: