Recently I have been answering a lot of questions regarding the Heartbleed bug. The temporary closing and stolen SIN numbers from the CRA website have made many people aware of this bug. This bug does not affect your personal computer. The problem lies with the computers running the secure websites you enter passwords into. If these computers were running a specific software (OpenSSL) your passwords may have been compromised during log in to the site. Because of the nature of the bug there is no way for the websites to know if the bug was exploited in the past. Many people use the same password for multiple sites. This means if someone finds your password to one site they may try to see if the same password works on other popular sites. Any website that were vulnerable should now be patched. Even if your site claims not to have been vulnerable I am recommending my customers change their passwords. Many have been using the same passwords for years.
Since the discovery of this bug I have started testing a password manager called LastPass. It has been around since 2008 and has many favorable reviews online. The program loads each time you use your browser to visit websites. It requires a difficult master password before opening. It then records each password you enter and will automatically fill them in when you visit the site the next time. It can also be used to generate random very difficult/different passwords for each website. You don’t need to type out these passwords because the program will enter them for you once you enter the master password. The advantage to using password managers is you can use difficult/different passwords for each websites any only have to memorize one master password. The disadvantage is if someone discovers your master password they may be able to access all passwords in your manager. I think the possibility of someone finding my previous passwords (that rarely changed) much higher then the new random ones. Here is a video that helps explain the function of this password manager: