Tool/Procedure to Evaluate Whether Each Site in a Password Manager (e.g., KeePass, LastPass, Dashlane) is ready for a new password (post Heartbleed)?

Question

Sites need to be remediated for the Heartbleed exploit before a password is updated. Some sites will be remediated immediately but others may not be updated for months. Lots of us have many dozens to several hundred sites in a password manager that may need to be updated.

Is there already a tool / utility / procedure / site that will identify and track which sites are ready to have their passwords reset for all sites in a password manager (e.g., KeePass, LastPass, or Dashlane).

If not, what features would such a tool need?

I can envision three approaches at the moment.

1. Some other password manager includes this feature and both has a trial version and also will import the data from the current password manager.

2. A tool that will accept export data from current password manager (e.g., to .CCV), submit each site to a Heartbleed test site, and

3. A Heartbleed test site that will accept a list of sites (file or pasted). Again, the list would be derived by exporting the data from the current password manager with perhaps a little judicious editing.

The Heartbleed test sites that I know about will only accept one site at a time for testing.

UPDATE - LastPast Security Challenge now includes a Heartbleed section. I don't know how accurate the test is -- or can even be without site administrator participation.

Answer 1

Well, you change the password on affected sites anyway, especially if you have used the same password multiple times before. Keepass will help you generate and track unique passwords for each site.

There are checker tools for sites:

• http://filippo.io/Heartbleed/#inform.ckdgalbraith.co.uk

• https://www.ssllabs.com/ssltest/

Here is a Chrome Extension:

• https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic

(I have not tested this yet)