With the recent report of cloudflare credentials being cached/available in search engines, it is always wise to see just how many sites you’ve logged into recently. If you don’t use a password manager, then you will have a fun time going through your browser history, working out what sites you logged into and then changing your passwords.
Hopefully you are using a Password Manager by now and there are several routines available (with source) to check an exported list of urls from your manager of choice against a public list of cloudflare protected sites.
I used CloudFlareChecker as I could use powershell to filter out my password list to url’s first and then run the site list through the tool (which required the .net runtimes installed).
Out of 1200+ url’s in my password export, there were 25 sites using cloudflare. It didn’t take too long to change credentials and update the passwords in LastPass. Yes it’s worth doing for all sites – but I really don’t have time to log into that many websites!
If you don’t use LastPass then there are several other resources at your search engine of choice that will help you check firefox saved passwords (hopefully you don’t), Keepass or even check an individual website for potential issues.
As an aside, I’ve been trying out Dashlane as an alternative to LastPass but I’ve not been very impressed with it so far. It fails to recognise any saved credentials for Office365 and the extension doesn’t even activate in Chrome so I’m staying with LastPass. If you haven’t signed up for a Password Manager yet, then signing up with this Lastpass premium link gives us both a free month of premium access and if you have any questions then let me know.