According to this article: ...I'm advised to wait until all my banking institutions, etc. announce that they have fixed the encryption glitch before I change my passwords, because doing it now on a non-secure site would be mega-dumb. Right? Problem is, I'm not seeing anyone making any such announcements that they've done anything to plug the hole yet. So how long can I safely wait to change my passwords? Not sure how to handle this.