It is recommended that everyone update their password here.
Due to the recent OpenSSL bug, up to 2/3 of the servers on the internet could have been compromised. If even one you use was accessed, you should assume someone has captured your user/pass there. Perhaps many someones. Hackers routinely try to access online forums as well as other sites. The target is always the usernames and passwords.
Once they have a user/pass, they try it on every other site. Banks and online stores especially. They'll clean your accounts if they can, and shop all night on your CC if they must. They'll try your user/pass on other forums too, in case you have admin access there, or if your PM history might contain discussion of another password. Say, if your bank is difficult to access and you seek advice from a friend.
The whole scheme depends on password reuse across sites. MacRumors forums was not "hacked"; they got in using a staff user/pass reused somewhere else. Somewhere that got accessed first.
So is your pass compromised here? If your pass here was reused anywhere else, it may have been captured there. All our servers have been updated to the latest OpenSSL. Our PHP environment was not using a vulnerable version, and our servers don't seem to allow https connections. But I haven't gotten a good answer on our server config before the update.
Bottom line: the only way to be sure your pass is safe is to change it.
If you wish to donate money or expensive purchases to dishonest individuals in other countries, here is how to do it.
- Choose easy passwords. Short ones, and/or real words.
- Use the same password on different sites. The more reuse the better.
- Important! Reuse the same password for banks, stores, eBay, etc. Places that can access your money.
- Write passwords down, share with friends and family, tape under your desk. In case you forget them.
- Be patient. Leave the reused passwords in place for as long as needed.
- Side note: you can donate your car too, by leaving the keys in the ignition while parked.
These tips will work, though it may take a while. Note: this method of donation may not be tax-deductible, since you can't identify the recipients.
On the other hand, if you're stingy and want to keep all your money, this is the way to go.
- Use long, random passwords. Letters, numbers, UPPER and lowercase, symbols if you like. There are free utilities for generating random passwords.
- There are utilities for password management too, some of them free. You memorize one password, to access the password manager. It remembers all the others as needed.
- Use a different random pass for every site. NO EXCEPTIONS.
- On sites that can access your money or SS number, use longer/harder passwords than with other sites.
- The best way to keep a secret is not to tell anyone. If no one else knows your pass, they can't give it up. Not accidentally, for money, or under torture ... "enhanced interrogation methods".
- If a site may have been hacked, don't let the bet ride. Change that pass. If you later hear they patched a vulnerability, change your pass again. Random passwords are cheap, don't be afraid to use them.
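The generation advice in the list above, as an added example that is not part of the original post: each site gets its own independent password from the operating system's CSPRNG, with a longer one for sites that touch money. The symbol set, the tier names, the lengths of 16 and 24, and the `.example` site names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes named in the post: letters (UPPER and lower), numbers, symbols.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!#$%&*+-=?@^_"  # constructed subset; some sites reject other symbols

# Assumed lengths: the post only says money sites get longer passwords.
LENGTHS = {"ordinary": 16, "financial": 24}


def generate_password(length, use_symbols=True):
    """Return a random password built with `secrets`, never `random`."""
    classes = [LOWER, UPPER, DIGITS] + ([SYMBOLS] if use_symbols else [])
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Resample whole candidates until every class appears; patching in
        # characters at fixed positions would make the result less uniform.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, use_symbols=True):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    size = len(LOWER) + len(UPPER) + len(DIGITS)
    size += len(SYMBOLS) if use_symbols else 0
    return length * math.log2(size)


def passwords_for(sites):
    """Give each (site, tier) pair its own independently generated password."""
    return {site: generate_password(LENGTHS[tier]) for site, tier in sites}


if __name__ == "__main__":
    # Constructed site list for illustration.
    demo = [("forum.example", "ordinary"), ("bank.example", "financial")]
    for site, password in passwords_for(demo).items():
        print(f"{site}: {password}")
    for tier, length in LENGTHS.items():
        print(f"{tier}: {length} chars, about {entropy_bits(length):.0f} bits")
```

Store the output in a password manager rather than regenerating it; nothing here is derived from the site name, so a lost password cannot be recomputed.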