Quote:
Originally Posted by jswinden
No need to change passwords until they are definitely fixed as that might keep you at risk.
|
'zactly.
Everybody's gotta do what helps them sleep better at night. I get that. But here's the three scenarios I currently see regarding Heartbleed:
- They already got my personal info and I'm already screwed--even if I change my password now.
- I changed my password in time, but the site hasn't been patched against Heartbleed and my personal info is still vulnerable.
- The site has already closed the Heartbleed hole, and I'm changing my password because it's just good practice.
Other than making sure my passwords aren't silly-simple, I've come to the realization that I really don't have a single bit of control over my own online "security."
Even if I had absolutely no online accounts, the companies, and financial institutions I did business with would still store my personal info in hackable databases. *shrug*