News about the Heartbleed security threat continues to circulate. Many users in our community have contacted ITS asking for advice about changing passwords and whether they need to change their Wesleyan password. While ITS continues to believe that our risk for exposure was very low, we have systems that use OpenSSL and responded accordingly as soon as news of the potential exploit became public.
ITS will not be mandating a password change. However, ITS does strongly recommend a password change for those who use the same password for Wesleyan and other services (such as Facebook, Twitter, Amazon, etc). While remembering passwords can be challenging, there is a considerable risk using a single password for everything. Furthermore, regular password changes are always a good idea and certainly an incident such as this is a good reminder to us all.