That was what a pretty tech-savvy friend of mine said. Funnily enough Velocio recommended it too.
The thing with passwords is that most passwords are surprisingly easy to break, and most people don't realise how many times they've used a weak password nor where (we all lose track of every site that we've ever been to).
I'm a privacy and security nut, so LFGSS is near the gold-standard and during the first day of the Heartbleed flaw we were beating most banks and other critical services.
But... services like Yahoo weren't patched for most of the day and passwords were exposed in plain text.
So if you happen to use the same password for many services, then it doesn't matter how much I do to secure LFGSS as some other service could leak the password by not being as paranoid about security.
The point of recommending LastPass is simply that by every site ending up with a unique and very hard to crack password, when one site is compromised (and one will), all of your other site logins remain secure.
I don't necessarily disagree with the general call to the public to change all their passwords, because the vast majority of the public use the same weak password (or a few variants of) for nearly every service. It's just that the reason to change it should be that people are using the same weak password everywhere... not because Heartbleed potentially is leaking it from some sites you've recently logged into.