Heartbleed: When to change your passwords

In the past couple of days you have probably heard a lot about Heartbleed, a major security flaw in the SSL (Secure Sockets Layer) software that many websites use to encrypt data. Many people covering the story have given the advice "change all of your passwords right away." This may not be the best advice. If you change your password on a website before the site has patched the security flaw, the new password could still be vulnerable.

WPPL does not use OpenSSL (the technology that is the source of the vulnerability) in our public websites, nor in our catalog.

Here are a couple of resources to help you determine when to change your passwords:

cnet.com has a list of the top 100 sites on the web and their statuses with regard to Heartbleed.

LastPass.com has a tool where you can look up individual sites to determine their status.

I have received a number of emails from companies on whose sites I have accounts notifying me whether they were affected and/or how I should respond. Not all sites will do this, so use the tools above.

In the meantime, if there is a site that you have an account on that has not applied the patch, DO NOT LOG IN TO THAT SITE.

I expect that pretty soon all sites will be patched to deal with this threat, so anyone who has been exploiting Heartbleed may be trying to get as much data as possible from sites before this door is closed.
