Emerge2 has sent out two versions of this courtesy security notification to mailboxes that were originally setup by Emerge2. Mailboxes that are auto-forwarded to another address received a different notification (you can read it here). Mailboxes that are not auto-forwarded (i.e. are directly read by the user) received this notification (below).
Copy of Client Notification (Normal Version)
For Email: {EMAIL_ADDRESS}
Emerge2 setup and/or maintains the Google Accounts for your organization’s domain name, including account {EMAIL_ADDRESS}.
Emerge2 is sending this courtesy security notification to its clients who use Google Apps.
By now, many people have heard about the Heartbleed security bug that was recently discovered. More info: heartbleed.com
As a precaution, since this security vulnerability has the potential to affect a large portion of the Internet, the general advice is for people to change their passwords after each vulnerable system has patched their service.
One of the affected services was Google Apps (which manages Gmail, calendar, contacts, G+, and related services under each person’s Google Account). Google Apps provides the services related to your {EMAIL_ADDRESS} Google account.
Google has announced that their Google Apps services have been patched, therefore password changes are now strongly recommended for your Google Account(s).
INSTRUCTIONS: To Change Your Password
- Click on this link: https://accounts.google.com/b/0/EditPasswd
- If you aren’t already logged into your Google account, you will be prompted to login first.
- Once you see the “Change your password” form, enter your current password, your new password as requested, and click the Change Password button.
- New Password Hints: Select a new password that is at least 8 characters long (10-20 chars is better), and contains at least one letter and at least one number (and is not guessable, not your name, a pet, birth date, anniversary). Try joining two words together (again, not your name) and add a digit or two between or after the words.
After you change your password, if you had previously saved the login password in your web browsers, you will need to re-save those passwords. You will also need to update your mobile apps (e.g. for email, calendar, etc.) to use the new password.
For example, on an iOS device (iPhone, iPad) you will see a message saying “Cannot Get Mail” and you will need to click the Settings link and enter your new password.
What about other passwords? e.g. Facebook, Instagram, etc. There are many good blog articles that provide a list of which passwords you should be updating, e.g. See the chart in this article.
There is also “bad advice” in some blog posts which simplistically exclaims “change all your passwords now”. This is not very helpful. Please ensure that whatever list you refer to, that the list takes into account which services were actually vulnerable to Heartbleed and which have already patched their system. Do not change a password (yet) on a system that is still vulnerable, or if you do, ensure that you re-change your password after that system has been patched.
Email Administrators
If you maintain Google Accounts at your organization, then please ensure that all of your Google Apps users change their passwords. Emerge2 is only sending a courtesy security notification to the mailboxes that Emerge2 has setup. If someone at your organization, or a third-party on your behalf, has setup additional mailboxes, those users should also be informed about this.
Emerge2 Servers
As a side note, as soon as the Heartbleed bug was announced, Emerge2 immediately checked all of our servers, internally and using third-party Heartbleed detection tools, and determined that none of Emerge2’s servers were vulnerable to this bug. (more)
If you have any questions about Heartbleed and how to change the password on your Emerge2 setup/maintained Google Accounts, please either open a help desk ticket with your questions at help.emerge2.com or call us at 519-886-0100.
Thanks!
Emerge2 Support
Comments are closed.