Search form

The Heartbleed Bug and Your AAS Account

Monday, April 14, 2014 - 16:50

You've probably heard about the Internet security bug called "Heartbleed." This is a very serious and widespread bug that affects many secured online connections. Luckily the fix is easy and has been implemented quickly by many organizations, including the AAS.

A few of our servers were affected, but they were all updated within a day of the bug's announcement. We do not see any signs that we were targeted or that any of our members' information was compromised, including credit-card information.

Even though our systems, and many others, have now been patched, there are still many servers, workstations, and other devices across the Internet that have not yet been patched. Here are two online tools you can use to test whether a particular website has been patched or remains vulnerable to the Heartbleed bug:

Given how widespread the bug is and how significant the risks posed by it are, we strongly recommend that you change all your online passwords. Most Internet security experts recommend that you do not use the same password for multiple sites or systems. Maintaining tens of passwords sounds very difficult, but there are now several password-management tools available that actually make it quite easy. We encourage you to check these out and use the one you like best:

Here are a couple of tools that will help you test the strength of possible passwords. These sites are not affiliated with the AAS but appear to be safe, based on our examination of the code that does the testing. Even so, we do not recommend that you test the actual passwords you'd like to use. Instead, use these tools to get a rough idea of how secure or insecure your password ideas might be. You can easily see the effects of using longer passwords, numbers, special characters, and other things:

While we are not requiring you to change your AAS password, we recommend doing so as a precaution. Start at Once you log in with your AAS username and current password, click "My Account" to change your password.

Some websites may ask you to change your passwords again in the very near future.

Scott T. Idem
Director of Information Technology
American Astronomical Society (AAS)