Watchtower question - Change Heartbleed passwords yet?
I guess because of the nature of the heartbleed bug, end-users aren't supposed to change their passwords for affected sites until the site has updated their servers with a security patch to fix the issue. Doing so prior to the security patch being put in place exposes your new password just the same as the old one.
My question about Watchtower is... Should I change my password for every site listed in Watchtower now, or do I have have to check each site listed one-by-one by clicking on the red vulnerability alert banner that appears at the top of the saved login entry to verify if the site is still vulnerable and/or if they've updated their certificates? (see screenshot below for an example of the info provided upon clicking the alert banner):
Please advise. Thanks!
Comments
-
Hi @m021478,
Watchtower already includes the vulnerability date (the date it is fixed) for each site in its database (which is based from the Watchtower's site). That means it'll compare your last password change against the vulnerability date for that site.
So, if it is on your list and the required action is to change your password, then you should be doing that now. Once you change your password, it'll automatically be removed off the list.
If the site is still bleeding, then 1Password will say Avoid on the vulnerability alert and stick the Login item under under the Avoid status in the Watchtower list.
In your screenshot, the vulnerability date on that would be April 10th, so your password change has to be after that date or it'll stay on the list even if you changed your password on April 9th.
0
