Surely the worst user experience on the Web is a security violation. Having your user ID or password stolen (not to mention the events that follow).
Or is it having to remember ALL your passwords for ALL the Websites you frequent and then going around and changing them all?
The Heartbleed bug has forced many Websites and Web services to send out requests for users to change their passwords.
A list of likely sites affected was issued by Mashable recently. They include many major Websites, from social networks (Facebook, Instagram, Flickr, YouTube), to email providers (Google, Yahoo), and other vital Web-based services (Dropbox, Amazon Web Services).
Luckily, the password protectors (LastPass and the like), government sites and most major financial institutions seem relatively untouched by the turmoil. But nonetheless, it’s cause for alarm.
The bottom line is: as a user, I’m pissed to have to do this stuff. I’m concerned about my security and accounts, so I probably WILL change all my passwords, but it’s a lot of work and makes me wish I had a smaller footprint on the Web.
But I have no one to complain to. These companies now know what they need to do to rectify this, and have (presumably) already taking steps to rectify the problem.
But the experience has the effect of giving me pause before signing up for more accounts (with more passwords) on more sites. How many Web users feel the same?
Password maintenance already is one of the most vexing issues for the user experience on the Web. Just creating and tracking passwords is itself a concern, especially when sites request all manner of different criteria for passwords. Add a security threat (or two or three) on top of that, and the Web user now has a very big headache.
But before you go anywhere, go read that list of passwords you have to change, and change them. Now.