by Jumping Frog
Thu Apr 10, 2014 5:25 am
Forum: Technical Tips, Questions & Discussions (Computers & Internet)
Topic: Heartbleed Vulnerability
Replies: 14
Views: 5034

Re: Heartbleed Vulnerability

Skiprr wrote: First, though, my strongest piece of personal advice is never to use the same password on multiple sites. It's a pain; I know. But this new security flaw clearly illustrates the reason: if you use the same password for your Bank of America account as you do for "ABC Aftermarket Gun Grips," this SSL security vulnerability could yield your password from the small retailer and potentially be used to exploit your personal bank account, even though BofA has patched their systems to protect against the flaw. Also, as much as everyone hates it, use strong passwords...passwords as strong as the servers will allow. If the website permits special characters like #!~*^ and the like, use them. Never, ever, use a simple password that can be easily discovered using brute-force algorithms.

Following this train of thought, I also use a secure password management system called "LastPass".

Basically, I have one long password using upper case, lower case, numerals and special characters to open my LastPass. That decrypts my password storage "vault" that stores all the user names and passwords for all the different online systems I use. LastPass can be used to generate strong passwords for these sites as I set the password (or change it) on these various sites using rules I define for length and complexity. Using your BofA example, my various banking passwords are 20 random characters utilizing upper case, lower case, numerals and special characters. When I go to a bank, then LastPass enters my credentials for me. There is no way I can remember those kinds of passwords, and I am not going to scribble them down on a piece of paper or keep them in a text file on my desktop.

Thanks for the Heartbleed information. LastPass will make going to all my websites and changing all my passwords very simple.

If people are going to go change their password everywhere, this is also a good time to move to a secure password solution like LastPass. I chose LastPass because PCMag had it as a recent "Editors' Choice" and CNET also was very positive. There are other solutions out there as well, but I wasn't going to get into analysis/paralysis.