TexasCHLforum.com

I used the sslabs program to check every site that I go to that keeps any of my financial info. The only site that was not protected was a hospital and the CEO says they will be patched next week. From what I understand, this bug doesn't care what your password is. If your bank internet connection is not secure, then a hacker can get in and transfer your funds out. Doesn't matter what your password is. If the site is not secure now and they patch things then change your password after the patch. But if the site is not secure now, anything on the site can be hacked- not just your account. I am not IT but having had identity stolen recently on a credit card I can tell you that it happens. None of this is because your password is bad. They apparently can bypass your password.

oohrah wrote:Here's what I do, taken from a security article recommendation.

I created a complex "prefix" of a mixture of alphanumeric characters, and memorized this, It is not written down anywhere. I use this prefix with a similarly complex "suffix" which is unique to each site where I need a password. All of theses suffixes are written down with the login information for that site. All of my passwords wind up being 12-16 characters, and I never have the browser or anything "save" them.

According to what I read that is not a protection for this hearbleed thing. They download your password from the site that you are going to.

Here is a link to a site that will test your secure site to see if they are heartbeat secure

https://www.ssllabs.com/ssltest/" onclick="window.open(this.href);return false;

So, if you want to see if your discover card sign in site is secure type in discovercard.com (it is secure)

You are not giving out any data or passwords to ssllabs.