1

I've a dozen email accounts, probably a hundred websites and forum accounts and I don't want to go about changing all the passwords.

Do I need to change the password of websites that I seldom logon - or the logon is "saved" in the browser cookie?

Joshua Lim
  • 261
  • 3
  • 17
  • If you haven't recently logged onto a site, your password is very unlikely to be in its memory. However, the exploit has existed for a few years and we will never know if someone was using it in that time before it was publicly announced. Should you reset passwords? It depends where you are on a scale of paranoid to lazy. – user253751 Apr 12 '14 at 13:24
  • If every single on of those accounts has a unique password. You can ignore the websites you have not visited in 2 years. – Ramhound Apr 12 '14 at 21:39

2 Answers2

2

Ultimately its your call, however yes, you should change all your passwords ONCE YOU KNOW THE PROVIDER HAS UPGRADED THEIR AFFECTED SYSTEMS (or if you know they are not affected but have used the same password in multiple locations).

Unfortunately Heartbleed allows a bad player to get unencrypted usernames and passwords which are in memory on a compromised system. Having the passwords stored in your browser (but not used) is probably not an issue though.

Although this vulnerability has only been common knowledge for days, it is possible that the system has been compromised by sophisticated players (think NSA) for up to 2 years - so another component to the question is "how worried are you about government agencies being able to continue to access your details through these systems".

I grant you that what I am saying is probably paranoid. Unfortunately Edward Snowden has shown they are actually watching us !!

davidgo
  • 68,623
  • 13
  • 106
  • 163
1

Two things to consider on those sites: does the site have your credit card information or other important data stored? If so, be cautious and change it. If you have used that same username and password on other sites where you have important data, you would also want to change it.

Joel
  • 121
  • 2
  • 1
    If a website is using actually storing your credit card information then you are already in trouble since they are not suppose to do that. – Ramhound Apr 12 '14 at 21:38