14 April 2014

The Heartbleed Bug and Your AAS Account

You've probably heard about the Internet security bug called "Heartbleed." This is a very serious and widespread bug that affects many secured online connections. Luckily, the fix is easy and has been implemented quickly by many organizations, including the AAS.

A few of our servers were affected, but they were all updated within a day of the bug's announcement. We do not see any signs that we were targeted or that any of our members' information was compromised, including credit-card information.

Even though our systems, and many others, have now been patched, there are still many servers, workstations, and other devices across the Internet that have not yet been patched. Here are two online tools you can use to test whether a particular website has been patched or remains vulnerable to the Heartbleed bug:

Given how widespread the bug is and how significant the risks posed by it are, we strongly recommend that you change all your online passwords. Most Internet security experts recommend that you do not use the same password for multiple sites or systems. Maintaining tens of passwords sounds very difficult, but there are now several password-management tools available that actually make it quite easy. We encourage you to check these out and use the one you like best:

Here are a couple of tools that will help you test the strength of possible passwords. These sites are not affiliated with the AAS but appear to be safe, based on our examination of the code that does the testing. Even so, we do not recommend that you test the actual passwords you'd like to use. Instead, use these tools to get a rough idea of how secure or insecure your password ideas might be. You can easily see the effects of using longer passwords, numbers, special characters, and other things:

While we are not requiring you to change your AAS password, we recommend doing so as a precaution. Start at https://members.aas.org. Once you log in with your AAS username and current password, click "My Account" to change your password.

Some websites may ask you to change your passwords again in the very near future.