Zonk.

[lolmac]

I've been very quiet and not very responsive online the last few days, and I apologise -- I spent most of last week dealing with the Heartbleed bug and getting a new server installed at work.  Either of these by itself would have been a lively time.  And oh, yeah, it's tax season

Comments

[a_phoenixdragon]

Ohhh, I heard about that. And it is DONE.

I'm sorry you had to deal with all those headaches. What a nightmare!! Glad the server got launched without a hitch though!!

All passwords have been changed!

*HUGS*

[lothithil]

Done. Thank you for your tireless heroism. May the Holy Trout fish for you!

[thothmes]

Knowing in general terms what it is that you do for a day job, I was thinking of you as I was researching affected sites and changing passwords. I was betting that it was a Very Busy Week, with much internal cursing about humans and their ability to be exposed early and often to the tenets of good password protocol, and yet ignore that totally for the convenient and quick. They are lucky to have you, and may you have a delightfully restorative weekend.

I will be having a great week because Eldest Daughter got home for a visit last night and will be staying through Easter Monday, and I have a new CD to obsess over (Kate Price, A Walk in Witch Wood).

Wishing you a delightfully lazy morning, a superlative (extra - this is an indulgence here!) cup of coffee, and a sense of a day spread out before you full of possibilities, but not necessities.

[justice_turtle]

and done. My god, why do the password change screens have to be buried at the bottom of different link trails on every site. :P

(And in the event, having a "strong" password didn't matter at all. *eyeroll* I mean, I'm still doing strong passwords because you never know when the next leak will involve your usual stolen hashes, but ffs. :P)

[lolmac]

Having a strong password -- as long as it was also unique -- did help, in that exposure of a unique password means the potential damage is limited to just that one site.

The people with the biggest problems are the ones who reuse their weak passwords, so their hacked Facebook passwords can now be combined with their exposed email addresses and SSNs and used to access banking and government sites (which were mostly secure against Heartbleed).

To some extent, it's been an educational display of which companies are capable of good choices and decent response to a crisis. My favourite so far is actually Tumblr: they've acknowleged their vulnerability, they patched their systems ASAP, and then they reach out to ALL their users with an email contact that made changing passwords easy, but also optional. FACEBOOK DROPBOX YAHOO Y U NO DO THIS U SUK

[jackwabbit]

Yahoo had me change my password twice in two logins one one account, once last week on another, and not at all on another, so there's that.

But done. Except I haven't done LJ yet. Will do now. Oh, Lords. It's a completely unique one I do not use anywhere else. And fortunately so is my "real" email and such, but man it's getting tough to come up with more. Should I bite the bullet and do a password manager? I know you rec'd Dashlane before. Still your preference? Or another one. I know LastPass has been talking a lot about this? I dunno. My head hurts. *shrug*

EDIT: And likely unrelated, my Twitter got hacked about two weeks ago. That password is my "weak" one, used only for things that are not linked with anything else and rarely used now at that. It's old. But alas, it has been changed, too.

[lolmac]

I'm even more madly in love with Dashlane now. Both Dashlane and LastPass held up against Heartbleed, and both reached out to their users in support. LastPass did a few very good things that I wish Dashlane had done as well, but still, it was Win for both.

I'm going to be reccing Dashlane all over again when I get that tech support post written (I just didn't have the brains for it yesterday). Meanwhile, I'll send you a Dashlane invite -- you get a freebie perk if I do it that way, and so do I.

[justice_turtle]

*curious face* Given that I don't leave my laptop logged in anywhere a malicious person could get at it, is there some special advantage to using a password manager like Dashlane over my current method (a Word doc with a list of all my logins and passwords, regularly backed up onto both a thumb drive and an external hard drive)?