I heard on the news last night that you shouldn't change passwords unless the organization that the password is for... has fixed this problem on their end. In-other-words, if he subject password is for AudiogoN, AudiogoN has to have applied a fix on their system... otherwise it's a waste of time to change the password.