Heartbleed Update: Sites That Tell You Which Passwords You Should Bother to Change

Your two-point to-do list for the weekend.

[Update: see bonus xkcd link below.] For background, see this early Heartbleed dispatch on general principles of password hygiene, and this one on a range of test utilities to check whether possibly affected sites have yet been repaired.

Your simple two-point checklist for today and the weekend:

1) In addition to some of the other test sites already mentioned (at LastPass, Possible.lv, Qualys, Filippo.io), check out the very convenient guide provided by the security firm IVPN. Here is a sample of what it displays:

It doesn't cover all sites, of course, but it includes many of the biggest-volume ones. The two most useful aspects of this presentation are showing which sites did not use OpenSSL at all and thus were not affected; and clarifying which affected ones have already implemented a fix, so that new, changed passwords will "stick." I can't independently vouch for all the reports here, but the ones I do know about match up with what I've seen elsewhere. Again, the advantage here is the simple clarity of the presentation.

2) As this episode recedes and tech people figure out its long-term implications, commit to heart the Basic Rules of Password Life, as reeled off and explained in the initial post:

  • Err on the side of changing passwords, especially after reports like this;
  • For sites you care about, never use a password you have ever used anywhere else;
  • Use a password manager to avoid going crazy from the previous two tips;
  • Use two-step security systems when they're available, for example in Gmail;
  • Remind yourself why it's worth going to this bother by reading what can happen if you don't. And anyway, that report is interesting.  

That is all. Again, the upshot of recent reports is that most important sites have now patched their OpenSSL vulnerabilities, so there's no further excuse for putting off password changes where indicated. 

Update: xkcd has a wonderful visual explanation of how the bug actually works.

James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne.
