So is the security flaw only effecting weak passwords? If our password already meets your description above does it still need to be changed?