Add TypeWell to your feed

Byword: A blog by and for the TW community

Heartbleed OpenSSL Bug does not affect TypeWell account security

There's been a lot of buzz around the Heartbleed Bug, a vulnerability in the OpenSSL encryption software used by up to two-thirds of websites. The TypeWell site is not affected by this vulnerability. Our site does not use the OpenSSL encryption method because we don't store customer payment details or other private data. 

When our customers pay for TypeWell training or software online, we forward them to a third party payment processor, PayPal. According to PayPal, its users' credentials were not exposed by the Heartbleed Bug. PayPal assured its users that they don't need to change their passwords. 

Passwords Are Like Pants Square
"You should change them regularly."

photo credit: Richard Parmiter via photopin cc

However, many people use the same password for multiple sites. If you're one of those people, then we do recommend changing your passwords on those secure sites, but only once you know the sites have patched the problem.

See: How to Protect Yourself from the Heartbleed Bug

This type of vulnerability (e.g. using passwords across multiple sites) is one reason we disallow our users from defining their own easy-to-remember passwords on our login form. The passwords that we generate and send to you by email are relatively strong and unique, and therefore unlikely to be used on other websites. 

If you do believe your TypeWell account may have been compromised for any reason, we do suggest changing your password. If you share your TypeWell login credentials with a designated account manager, such as a transcriber who uses or manage your software licenses, it's a good idea to change the password a couple times a year.

See: How do I change my TypeWell account password?

In the future, we may add capabilities to our site that require additional security — for example, allowing users to set their own passwords or store payment information. In that case, we will add the necessary security infrastructure, and we'll review and update it regularly to keep your data safe.

Photo credit (sidebar): woodleywonderworks via photopin cc


Kate Ervin

Kate became a TypeWell transcriber in 2004 and began training new transcribers in 2009. She has served as TypeWell's Executive Director since 2011.

comments powered by Disqus