* "Heartbleed" is a serious bug
* You should change passwords as a precaution
* You MUST change your COA password this week
You have probably seen information about a computer bug called "Heartbleed" that has created a serious Internet security risk. In fact, TAMU central IT sent out an email on Friday afternoon that outlined the risk and impact on Texas A&M servers. You can review this information here: http://security.tamu.edu/protect_myself/Heartbleed_Bug.php
COA systems are secure: ITS patched our servers within 24 hours of the announcement. Unfortunately, since the Heartbleed bug existed for more than 2 years before it was discovered, the potential exists that the passwords you have used on COA websites have been compromised. As a precaution, we are expiring all COA passwords over the next week. You will receive a standard notification within the next few days that your password is expiring soon, and instructing you to use http://myaccount.arch.tamu.edu to change it.
We STRONGLY recommend that you create a completely new password at this time -- any password you have used on the Internet in the last 2 years is potentially compromised. You can find an infographic with tips on creating strong, easy-to-remember passwords here: http://goo.gl/f0cjLR | http://goo.gl/BdQrGH
Furthermore, even systems that were not affected by the Heartbleed bug (like NetID login, SSO, etc) CAN BE COMPROMISED if you used the same password on a compromised system. So if you had your COA password matching your NetID password (or your SSO password) you need to change both. The same rule applies to Facebook, Gmail, Yahoo, and any other internet service.
Finally, you should also consider how this bug affects other Internet websites you use. Facebook, Google, Dropbox, and many other sites were affected, and are recommending that you change your password on their site: http://goo.gl/JVAO0G. Remember that if you shared passwords between sites, you should change all of them.
If you have any concerns about this process, please stop by the ITS Helpdesk (Langford A122) or contact us at 862-8584 or firstname.lastname@example.org. We will be available all week to answer questions and assist you with the password reset process. If you want help with your mobile devices (phones, tablets, laptops) don't forget to bring them with you to campus.