Why you need to know about TLS 1.2

: Had TLS 1.2 been around, there’s no way David Lightman could have gotten into the WOPR computer.

Hackers fascinate us. We hate the messes they create, and the way they make us paranoid about Internet security. And at the same time, we’d love to know how they do it. (How many of us nagged our parents for modems after seeing WarGames the first time?)

Today, no one’s hacking Sabre to make fake flight reservations. These aren’t just kids having a good time. The effects of a data security breach range from serious PR nightmares and general havoc to credit card fraud and identity theft.

As fast as hackers find ways to exploit weaknesses in software and Internet security protocols, programmers find ways to stop them. And, fortunately for us, the majority of this digital war is fought behind the scenes. As long as you keep your computer, software, and browser up to date, you’re protected. (At least until the next big hack.)

The introduction of the home computer and video games gave rise to fears about all types of cyber security.

Sometimes, though, the fixes themselves can be disruptive. And it’s about to happen again.

In fact, you may have already run up against the latest online snag caused by an Internet security upgrade, without knowing what was going on or why it was happening.

Why the secrecy?

For whatever reason, there’s not been a lot of publicity about this mass upgrade — not outside of tech circles, anyway. It’s a mystery as to why, because it’s us non-techies who are seriously going to flip out when we come up against it. (I can already imagine the phone call from my mom, asking why Yahoo! isn’t letting her into her email, followed by a mild tirade on how it’s probably due to government monitoring.)

It’s up to individual site owners to make the upgrade to TLS 1.2, including the owners of web browsers. (There’s no great Internet Bureau out there to do it for us; no Al Gore-like figure sitting at a master portal, directing everything like the Great and Powerful Oz). A few industries have set deadlines for compliance. But otherwise, everyone’s on their own timeline.

Where the problem comes in is that some industries (banking and healthcare come to mind) will be faster to upgrade than others. So when a non-upgraded browser attempts to connect to an upgraded website, a clash occurs. It’s already happening.

In short, if your browser is old, you won’t be able to get to websites that have upgraded to the new security protocol. And if you don’t know ahead of time what’s going on, you won’t know what to do about it.

So I’m about to save your sanity (at least the part that depends on the Internet functioning when you want it to) by addressing the big questions I imagine you have at this point.

“What sets off these grand-scale changes?”

We know hackers start the chain of events that result in new security protocols. But who takes the lead on devising a solution?

The National Institute of Standards and Technology (NIST) is the U.S. government organization that sets the standards for Internet security. While they don’t issue mandates, per se, it’s pretty strongly suggested that government agencies follow their recommendations. And once they do, businesses follow suit.

In 2014, the NIST gave the tech community a heads-up that a big change was coming. Thanks to some high-profile security breaches (remember POODLE and Heartbleed?), they advised that government entities upgrade to the latest approved security protocol, TLS 1.2 with AES256-bit encryption (AES = Advanced Encryption Standard), by January 1, 2016.

Once that announcement was made, the Payment Card Industry Security Standards Council (PCI SSC) followed with its own updated data security standard for merchants.

“And I care about this because . . . ?

Remember how I mentioned browsers earlier? And how everyone’s got their own timeline for upgrading? Well, several web browsers haven’t gotten their ducks in a row yet. And if you’re using one of those browsers, and you try to access any site that has been upgraded — like Facebook, or your bank’s website, or AppointmentPlus.com — instead of going to the site, you’re going to get an error message.

So until you address the source of the problem (i.e., your browser), you won’t be able to “like” your friends’ Facebook posts or check your bank balance. Or log into your AppointmentPlus account.

“Fix it NOW!!”

In the immortal words of Douglas Adams, don’t panic! You’ve got a couple of options, and they’re both unbelievably simple.

espite our fears about cyber terrorists, there’s no need to panic. Internet security measures like TLS 2.1 and SHA 256 exist to help protect us.

Option 1: Upgrade your browser

If you use Google Chrome™ or Android™, you don’t need to do a thing. Both update automatically, so you’ve already been upgraded.

If you use one of the following browsers, just make sure you’re using the version listed:

Browser Version
Mozilla Firefox® 39.0
Microsoft Internet Explorer® 11
Apple Safari® for Mac 8 (Apple OS X 10.10)

Option 2: Switch to an upgraded browser

If you’re not using one of the browsers listed above, it’s time to switch! Just remember to export both your cookies and your bookmarks from your existing browser first so you can import them into the new browser.

Switching to a new browser isn’t the most fun thing in the world to do. But in this case, it’s much easier and less frustrating than not switching. You have nothing to lose by making the change now. If you wait, it’s just your sanity at stake. And maybe a few friendships that hinge on your “liking” the photos they post of their kids.

I vote for sanity.

One last piece of advice: If your mom is anything like mine, you may want share this post with her.

Topics: Tech Trends

The Online Scheduling Revolution