Heartbleed Hell

Like a lot of people, I’ve been affected by the Heartbleed bug.  Most frustrating to me is that I got to spend a couple of hours on Tuesday afternoon futzing about with SSL certificates to make sure that I wasn’t vulnerable to the attack.

I’m taking a little free time on Friday afternoon to do an audit of my password data using 1Password, which I am on the record as using and really liking.  After de-duplicating a bunch of items where I had a stored password and a stored login for an account, I still have 600+ login items.  I’ve been doing a very good job of using good, hard passwords that are unique to sites.  A good password manager is worth having, even if you’re like my dad and just keep it in an encrypted Excel spreadsheet.

But my main frustration right now are the sites that won’t let you change your password unless you use the lost-password function.  How dumb do you have to be as a developer to miss that step?  This is not fucking rocket surgery.