Security Flaw described on Page 1 of NYTimes, 4-8-2014

[wdc]

http://bits.blogs.nytimes.com/2014/0...e-internet/?hp

This sounds really serious.

Can someone please suggest a recommended approach to creating new passwords --- that one can remember?

...wdc

[fink]

I like using important (or not so important) historical events and dates of which there are nearly an infinite number to choose from (so long as they don't relate to me like birthdays etc).

EG- TheBattleOfHastings.1066 (not one that I use or the exact way I do it.. LOL)

[foxy]

You don't have to remember it. I use LastPass, which generates passwords of gobbledygook for each site, a random mix of capital and small letters, numbers and symbols.

Example :
^(538hFEomd48

There's a master password that I change now and then, and LastPass remembers my 160 IDs and passwords. KeyPass is another free program. Roboform charges and is no better than the other 2.

And writing down a PW is not a big deal if only you know where the list is kept. Before LastPasss I just kept a small notebook with data.

[jdc2000]

Another link worth reading:

http://www.zdnet.com/how-to-recover-...tag=TREc64629f

[Sal_gal]

Do you have to pay for LastPass? Wow! Before long, computers are going to be loaded up with more anti-virus and anti-malware than they will with productive software programs.

[fink]

Well worth looking at but of limited use against Heartbeat exploit..

http://discussions.virtualdr.com/sho...d-preventative

[foxy]

I know, I sent that out as general computer maintenance because the OP asked about creating and remembering PWs. LastPass also makes it easier to make and record the new passwords, and has a tool for telling if you're PWs are secure enough under normal circumstances.

Of my 170 sites, the HeartBeat PW checker told me to change only one, Yahoo, and I keep nothing sensitive on that site. So it seems many sites don't use OpenSSL

Sal_Gal-- both LastPass and KeePass are free.

I already have most of the security options mentioned in the other URL, except Sandboxie. Can anyone recommend a free sandbox?

[foxy]

I hope you remember "The" before the event.

[HAN]

I for one, am not changing all my passwords. The only ones I've done are financial related.

It's my humble opinion that this could have been bad but wasn't. I have yet to read anywhere about a nefarious breach due to Heartbleed. Keep in mind that this issue has existed for 2 years! Once the bug was publicly announced on Monday, most sites were patched that day (or within the next day or so.) If a user didn't log into a site during those days, I have serious doubts that user has any problem.

But, that all said, it's not impossible that something didn't go wrong. So, it all comes down to a personal choice. If you'd feel safer by changing your passwords, go for it!

[HAN]

Do you have to pay for LastPass? Wow! Before long, computers are going to be loaded up with more anti-virus and anti-malware than they will with productive software programs.

I use and recommend LastPass but remember it's a cloud based password manager. If you just want something for your use at home, just on your PC, run KeePass. Properly used, it's very safe.

[foxy]

I logged onto many sites this week, but I'm not changing any PW unless I have a problem. If you try to change a PW on certain sites, you're doomed, like the fellow in the song who rode the subways forever for lack of a fare. This ESPECIALLY is true of YAHOO and Verizon. Once changed my Yahoo PW 6 times in a year till one took.

[https://www.youtube.com/watch?v=xsqBtZNBL60

[foxy]

Amen! We're paying a high price in time, money and aggravation for the democracy of the internet.