Change Your Passwords

SailorSam

Several tech companies including Tumblr are advising people to change all their passwords after the discovery of a major security flaw.

http://www.bbc.co.uk/news/technology-26954540

abibee

It's good practice to change your passwords from time to time anyway. Not that I do, I still use password123... do'h!

Edit: I never read the article you posted before my reply, I've only just done so now. That sounds pretty serious. I use Lastpass and different passwords on every site e-mail etc, but still, I think I may change a few of them tonight.

Thanks for posting.

Ant555

If you change your password on a site that is yet to be fixed/patched (and there will be millions of them) then you are still in the same boat.

I was wondering how a person could tell if a site was unaffected and found this link
http://filippo.io/Heartbleed/

Ive tried out a few of the main sites I use and they all seem to be OK.
MSE checks out fine according to them by the way.

wigglebeena

You can test here. https://www.ssllabs.com/ssltest/index.html

What banks are safe? Why are none of them making any reference or announcement on their sites?

Jivesinger

Ant555 wrote: »

If you change your password on a site that is yet to be fixed/patched (and there will be millions of them) then you are still in the same boat.

Indeed. This article says much the same thing -you might want to wait a bit before diving in and changing passwords.

http://nakedsecurity.sophos.com/2014/04/10/heartbleed-heartache-should-you-really-change-all-your-passwords-right-away/

RumRat

I think the publicity overtook the facts. It would seem that most mainstream sites were warned prior to disclosure of the vulnerability. As long as you don't use the same P/W for logging into sites like this and your banking etc. there should be no reason to over worry.
A simpler check for site vulnerability here http://filippo.io/Heartbleed/

ballyblack

http://lifehacker.com/what-the-heartbleed-security-bug-means-for-you-1560801201

googler

wigglebeena wrote: »

You can test here. https://www.ssllabs.com/ssltest/index.html

What banks are safe? Why are none of them making any reference or announcement on their sites?

You probably shouldn't be using a bank site that has a single-level, single password entry anyway.

All of those that I use require entry of characters from security codes as well as passwords, or require selection of keyword characters from onscreen graphics, so there's no chance of grabbing a whole password/keyword combination from one user entry.

RumRat

Don't change all your passwords

radu_

abibee wrote: »

It's good practice to change your passwords from time to time anyway. Not that I do, I still use password123... do'h!

Edit: I never read the article you posted before my reply, I've only just done so now. That sounds pretty serious. I use Lastpass and different passwords on every site e-mail etc, but still, I think I may change a few of them tonight.

Thanks for posting.

Don't change all the passwords just yet.
Apparently Lastpass will tell you when to change your passwords.

ciderboy2009

If you use Lastpass then login to their web site and choose the security scan option. It'll go through all of the sites you've got info stored for and tell you which (if any) are affected and what you should do for each one.

For 817 sites on mine only 4 are potentially affected.