After reporting the problems with OpenSSL, which has been nicknamed 'HeartBleed', 2 contributors have forwarded articles on why you should change your passwords.
I always believed Mojang would keep my details safe; now I realise they are not in control of their own data. Mojang/Minecraft passwords should be changed immediately.
The fallout from the Heartbleed bug is hitting the mainstream. The BBC has an article headlined "Public urged to reset all passwords".
Bruce Schneier calls it "catastrophic", giving this advice to sysadmins: "After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected." He also links to a webpage that will let you test servers for the bug, and an article on Ars Technica discussing the bug.
(Score: 3) by VLM on Friday April 11 2014, @11:13AM
"Just the fact that a significant percentage of people will change their passwords (no matter why) is good."
Asking "why" at this juncture is usually interesting. No appeal to authority or tradition, just logic please.
(Score: 1) by monster on Friday April 11 2014, @02:07PM
Pluses:
- It invalidates previously harvested passwords, be they hashed or in cleartext form.
- Most passwords that stand a lot of time do so because they are easy to remember. That usually means they are also vulnerable because of low entropy.
Minuses:
- A lot of people will pick an easily remembered password as their new one, so again low entropy.
- Many people will fail to follow good practices and will use the same password on several sites.