Heartbleed OpenSSL Bug does not affect TypeWell account security
There's been a lot of buzz around the Heartbleed Bug, a vulnerability in the OpenSSL encryption software used by up to two-thirds of websites. The TypeWell site is not affected by this vulnerability. Our site does not use the OpenSSL encryption method because we don't store customer payment details or other private data.
When our customers pay for TypeWell training or software online, we forward them to a third party payment processor, PayPal. According to PayPal, its users' credentials were not exposed by the Heartbleed Bug. PayPal assured its users that they don't need to change their passwords.
However, many people use the same password for multiple sites. If you're one of those people, then we do recommend changing your passwords on those secure sites, but only once you know the sites have patched the problem.
This type of vulnerability (e.g. using passwords across multiple sites) is one reason we disallow our users from defining their own easy-to-remember passwords on our login form. The passwords that we generate and send to you by email are relatively strong and unique, and therefore unlikely to be used on other websites.
If you do believe your TypeWell account may have been compromised for any reason, we do suggest changing your password. If you share your TypeWell login credentials with a designated account manager, such as a transcriber who uses or manage your software licenses, it's a good idea to change the password a couple times a year.
In the future, we may add capabilities to our site that require additional security — for example, allowing users to set their own passwords or store payment information. In that case, we will add the necessary security infrastructure, and we'll review and update it regularly to keep your data safe.