This post was written in collaboration with Nancy Hupp.


Well it’s happened.  Everywhere we turn, headlines warn of the Heartbleed Bug, and it’s time for a change—of our passwords. This is especially important for sole practitioners, who have an ethical obligation to be mindful of technology but may not have the IT team to help them out.


Confused? Read this post to understand (or if you’re like me, not understand, but at least appreciate) the risk. The post tells you all you’ve ever wanted to know about Heartbleed and lets you know which passwords to tackle first.


To change your password, the first hurdle is your own memory. I have found that the stronger the password, the weaker my ability to recall it.  Show me someone who actually knows their passwords and I will show you someone who:


  • Writes them down.
  • Uses the same password on all sites.
  • Uses a common password we’ve all been instructed never to use.


If, you’re cautious enough to avoid these techno-sins but still unable to recall your password, the answer is to reset it.  Click on “Forgot password?” and the site cheerily sends a reset-password instruction to your email address. Which may be when you realize you don’t remember whether you set up the account recently with your new Gmail address, or back in the Clinton administration with that old AOL address your friends have been teasing you about.


But let’s say you find the reset code.  Now all you need to do is come up with a new password.  Here’s how it works:


You type: ihappy

Invalid. This password is already taken.


You type: ifrustrated

Invalid. You need to have at least one uppercase and one lowercase letter in your password.


You type: I very frustrated

Invalid. You cannot have spaces in your password.


You type: IVeryFrustrated

Invalid. You need at least one symbol in your password.


You type: IVERYfrustrated!!

Invalid. Your password cannot exceed 10 characters in length.


You type: IIrate!

Invalid. Your password must have at least 8 characters.


You are sweating now, punching the keyboard in a veritable panic.

You type: IIIrate!!!


Your password was accepted!


Momentarily you are relieved. Then you read:

Please retype your new password to confirm.


Now you now know why they named it Heartbleed.  You’re not wrong to consider the statistical probability of being hacked, and wonder if it would be more or less painful than coming up with a seemingly-infinite series of random letters, numbers and symbols that you will not remember.  Or to consider whether there’s an easier way – for example, using a password manager.


Take heart. Know that when you have changed your passwords, returning to work will be the easiest thing you’ve done all day.

Karin Ciano
Follow me

Karin Ciano

Attorney at Law at Karin Ciano Law
Karin Ciano is a former federal career clerk in solo practice who likes to meet good people, work on interesting cases, and get back into federal court whenever she can. She practices civil rights and employment law, and she is also a freelance attorney who assists other attorneys with putting their best foot forward in federal cases. She is also the Twin Cities director of Custom Counsel LLC, the freelance legal network, and one of the co-founders of the Minnesota Freelance Attorney Network.
Karin Ciano
Follow me

Latest posts by Karin Ciano (see all)