Heartbleed, the massive OpenSSL security flaw, has led to panic. Major companies scrambled to fix the bug, and in the aftermath, experts are preaching a simple recommendation to nearly all Web users: you should probably change your passwords.
We joined the bandwagon and shared a handy graphic this weekend listing many of the major sites affected. Users reacted to the chart in two ways:
First, readers said, “This is fear mongering.”
Then, some countered with the claim that the graphic wasn’t aggressive enough: “Your password used on any of the affected sites should be changed everywhere.”
As a result, we’ve decided to issue a revised infographic.
Alright, nobody panic. Here’s the deal:
Just about every company and every security expert has said the same thing about passwords for years:
- You shouldn’t use the same password on every site.
- You should change them often.
Some security experts say you should wait a bit before changing your passwords. That’s fine, but it’s likely not necessary, as most major Web firms have long since issued fixes. If you really want to be careful, you can check whether a site is still vulnerable to Heartbleed before changing your password on it.
But really, if you just follow the two rules above, you’ll probably be fine.