
Heartbleed Bug: Public urged to reset all passwords - markhemmings
http://www.bbc.co.uk/news/technology-26954540
======
ibmthrowaway218
Which is worse?

a) Leaving your password unchanged on a site because it is still vulnerable.

b) Changing your password on a site that is still vulnerable.

~~~
matthewi
I think that depends on your password management policies. If you are using a
unique password for every site, change them all now and then change the ones
that were vulnerable again after they are patched. If you are like many people
and reuse passwords, you should not change that password to be one you use at
a patched site.

