My HeartBleeds for HC.gov

This is a huge hubbub today so far. From my understanding the accounts were not compromised; the password change is a precaution. I am not sure how much of that I believe though...

The password change has always been there; it was just mostly done by calling in to the marketplace. There is a button clicked on our side that deletes and resets passwords and unlinks or links the account via the Social Security number.
 
I wish we had you on here months ago, you're an invaluable asset, and will be sorry to see you let go next week. Be sure to stick around here though.

There is a bill in congress to make a new 800 hotline at HC.gov for agents only. They should have done this initially, they would have had so many more signed up and less disgruntled users. Even better if they had someone like you answering our questions online like this.
 
Y'all do realize that Heartbleed affects OpenSSL protocols, right? Seems to me that banking websites using affected servers would be a much more opportune target, if, indeed, the bug was even ever exploited...
 
Most people get lost at "openssl". They couldn't tell a secure socket layer from an API wrapper!

Sorry for the gratuitous nerd joke. Reality is, most people just plain don't know enough about how this all works to even understand what's going on. Heck, I run half a dozen websites utilizing SSL (thankfully, not this particular protocol) and I can't even fully explain it.

Post, you're absolutely correct. They'd much rather pop cash out of accounts than steal identities from the feds and deal with that whole procedure (thieves are looking for the biggest return for the least work and risk).
 
Looks like they are forcing password changes upon next login:

Obamacare website resets passwords over Heartbleed bug

The Obama administration has reset the passwords of consumers who created accounts through HealthCare.gov, saying the precautionary move was necessary to protect personal information at risk through the newly discovered Heartbleed Internet bug.

Those who have accounts will be prompted to create new ones the next time they visit the site, according to an announcement posted on HealthCare.gov, a federal website managed by the U.S. Centers for Medicare & Medicaid Services.
 
Yet, realistically speaking, half of the (potentially compromised) passwords are the same ones they use for the e-mail account the "forgotten password" is sent to. Same as the bank account, same as Facebook, same as PayPal, etc.

HC.Gov is doing the right thing, but for your personal reference, change all of your passwords, especially if you're one of those people that uses the same one for everything.

Try to change them all every 6 months if possible, at least the ones with financial ties.

Use the LONGEST password possible. "batteryhorsefootstaple" or "mymomdislikesavacados" is easier to remember and harder to crack (cryptologically speaking) than your typical 8 letters with a number and symbol.
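The passphrase-versus-complexity claim above can be checked with a little arithmetic. The following is an added example, not code from anyone in this thread: it scores an 8-character password drawn from the full printable keyboard against a four-word passphrase under two constructed attacker models (a brute-forcer trying every string, and a word-list attacker who knows the passphrase is made of common words). The vocabulary size of 20,000 words and the guess rate of 10^10 per second are assumptions chosen for illustration.

```python
import math

# Attacker models used below (constructed assumptions for this example, not from the thread):
#   - a brute-force attacker tries every string over a character set
#   - a word-list attacker knows the passphrase is built from common words
PRINTABLE_ASCII = 95            # distinct characters typeable on a US keyboard
LOWERCASE = 26
COMMON_WORDS = 20_000           # assumed size of the attacker's word list
GUESSES_PER_SECOND = 1e10       # assumed offline rate against a fast, unsalted hash
SECONDS_PER_YEAR = 365 * 24 * 3600


def brute_force_bits(length: int, charset: int = PRINTABLE_ASCII) -> float:
    """Entropy in bits when each of `length` characters is chosen uniformly from `charset`."""
    return length * math.log2(charset)


def wordlist_bits(word_count: int, vocabulary: int = COMMON_WORDS) -> float:
    """Entropy in bits when each of `word_count` words is chosen uniformly from `vocabulary`.

    This is the figure that matters: an attacker who knows the scheme guesses words, not letters,
    so a passphrase's strength comes from its word count and vocabulary, not its character length.
    """
    return word_count * math.log2(vocabulary)


def years_to_crack(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected years for an exhaustive search, assuming the right guess comes halfway through."""
    return (2 ** bits / 2) / rate / SECONDS_PER_YEAR


def compare(words: list, policy_length: int = 8) -> dict:
    """Compare a word passphrase with a `policy_length`-character 'letters+number+symbol' password.

    Returns the policy password's entropy (best case: uniformly random characters), the passphrase
    under the word-list model, and the passphrase under a naive lowercase brute-force model
    (which overstates its strength, because it ignores that the attacker knows it is made of words).
    """
    passphrase = "".join(words)
    policy = brute_force_bits(policy_length)
    by_words = wordlist_bits(len(words))
    return {
        "policy_bits": policy,
        "passphrase_wordlist_bits": by_words,
        "passphrase_naive_bits": brute_force_bits(len(passphrase), LOWERCASE),
        "passphrase_stronger_under_wordlist_attack": by_words > policy,
    }


if __name__ == "__main__":
    report = compare(["battery", "horse", "foot", "staple"])
    for key in ("policy_bits", "passphrase_wordlist_bits", "passphrase_naive_bits"):
        print(f"{key:>26}: {report[key]:5.1f} bits, ~{years_to_crack(report[key]):.3g} years")
```

With these assumptions the four-word passphrase (about 57 bits) beats the 8-character policy password (about 53 bits) even when the attacker knows it is built from words, and the gap is wider in practice because the 95^8 figure assumes a uniformly random password, which human-chosen ones never are. Adding a fifth word buys another 14 bits; appending a digit to an 8-character password buys under 7.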
 
Agreed. I swear by the LastPass app, and also use 2-step authentication (Google Authenticator app) everywhere I can: Facebook, Google Accounts, LastPass, and Dropbox.

LastPass will generate secure random passwords and save them for you in an encrypted container. Also, LastPass lets you restrict LastPass account login to domestic IP addresses (remember this when traveling overseas; you need to update the setting), and offers a host of other options such as the Google Authenticator app. Google Authenticator is a secure, easy-to-use, two-factor authentication application for your mobile device that is immune from replay attacks, man-in-the-middle attacks, and a host of other threat vectors.
 
I swear by LastPass, too. The only password I have to remember is the one that opens LastPass, and I made that a very long password that does not contain dictionary words but contains capitals, numbers and symbols.

I also use LastPass for secure notes that contain PIN numbers, the password to our router, user accounts for computers, etc. In this world, with hundreds of sites requiring unique passwords, and the requirement to change passwords often, LastPass is a godsend.
 
Personally, I use "Keeper" (with a single secure password to access that).

It has the bonus of allowing you to take notes, include URLs for login portals, and will even generate random string passwords for you. Plus, if you lose your phone, you can restore all the info to the next one so long as you don't forget your login information (even from Android to Apple or vice versa).

Of course, those little things like NPN, license numbers, driver IDs, etc. can all be stored as well.
 