Heartbleed bug: Am I at risk? Do I really need to change my password?

The encryption flaw described as 'catastrophic' by experts has rocked the web. Read on to find out which sites and services are affected - and what you can do

The discovery of Heartbleed, a flaw in one of the most widespread encryption standards used online, has panicked webmasters and users alike.

The bug has gone unnoticed for more than two years and could have potentially given hackers access to an unlimited array of secure data – everything from passwords and login details to credit card numbers and addresses.


Although it’s difficult to say exactly how many websites have been exposed, the lower estimates are around 500 million with a large number of major web companies (Google, Facebook, Yahoo, etc) all forced to update their software to protect against the bug.

However, there have been quite a lot of mixed messages as to whether or not users should change their passwords, with some outlets urging that you should create new ones immediately while others are advising that you wait.

To add to the confusion there have also been reports of hackers sending out phishing emails related to Heartbleed in order to trick users into giving up passwords that have yet to be compromised. Be on the lookout for these and don't follow any links in suspicious-looking emails - if you want to change a password, go to the site directly.

Which sites are affected?

Most Google sites and services (including Gmail and YouTube - but not Chrome) were affected, as were sites maintained by Yahoo (including Tumblr and Flickr). Facebook was also hit by the bug although Twitter and LinkedIn were not.

Other big sites that have confirmed that they weren’t affected include Amazon, Hotmail and Outlook, eBay, PayPal and all of Apple’s properties – including iCloud and iTunes.  If you want to check whether or not a site you use is still affected then you can do so here – just enter the URL.

Another big worry is for online banking, but thankfully we have some good news in that department. Lloyds, HSBC, RBS, Natwest, Santander and the Co-Op have all confirmed that they were not affected by the bug (they were using different encryption standards). Barclays has yet to issue a statement.

However, this does not mean that your credit card details are completely safe – as they could have been compromised via your Gmail or another third-party site. The security of mobile banking apps is still a developing situation as well.


So do I need to change my passwords?

In a word: yes.  For the sites we’ve listed above as being affected (including Gmail, Yahoo, Tumblr, Flickr, Facebook) it definitely won't hurt to change your password some time in the next couple of weeks.

Security experts have warned that you shouldn't be too quick to change passwords, but this is because not all websites have patched their servers, and changing your password before this happens could make matters worse. The sites we've listed above have patched their servers and if you want to check one we've not mentioned - click here and enter the URL.

Unfortunately, some sites (including Google) have specifically said that users don't need to change their passwords. While it's true that some sites are confident that they fixed the bug a while back, as most of us are guilty of changing our passwords less frequently than we should do (aka never) we think that this is as good an opportunity as ever to be a bit more security-conscious.


What should my new password be?

In lists of the most frequently used passwords online there are some obvious clangers that we know you’re too smart to use (these include old stand-bys such as ‘123456’ and ‘password’ itself) but just because a password doesn’t look obvious to you, that doesn’t make it safe.

This means that you shouldn’t really use any single words that are found in the dictionary, any words connected to you (place of birth or pets' names), nor should you use any obvious ‘substitutions’ (eg pa55w0rd - more complicated variations are required) or patterns derived from your keyboard layout (eg ‘1qaz2wsx’ or ‘zxcvbnm’).

It’s wise to use a variety of characters in your password (including upper and lower case as well as numbers) but an easy way to get more secure is to start thinking of your password as a passphrase.

The easiest way of increasing the difficulty of a password is by simply making it longer – so try combining multiple words together and then adding in numbers between them. 

You could pick a number of some significance to you (for example a loved one’s birthday, ie 12/08/1970) and then splice this with a nonsensical phrase (‘shoesplittingwatchwizard’) to get a suitably difficult password: Shoe12Splitting08Watch1970Wizard.

Other suggested methods for making a strong and memorable password include taking a sentence or a favourite line from a song as a starting point. So you might take the line "When you call my name it's like a little prayer" and turn it into wuCmNilaLP. Madonna is optional of course, but we think this is a fun method - especially if you can work in numbers somewhere.
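The warning signs listed above (common passwords, single dictionary words, obvious substitutions and keyboard patterns) can be checked mechanically. The sketch below is an added example, not part of the original article; the word lists are small constructed samples, the QWERTY layout and the names weaknesses and is_keyboard_walk are assumptions, and it does not cover words connected to you.

```python
# Constructed sample lists (assumption): a real check would load a full
# dictionary and a published common-password list instead.
COMMON = {"123456", "password"}
WORDS = {"password", "shoe", "splitting", "watch", "wizard", "prayer"}
# Obvious character swaps of the 'pa55w0rd' kind, mapped back to letters.
LEET = str.maketrans("015$3@47", "olsseaat")
# QWERTY rows, plus the slanted columns under each digit (1qaz, 2wsx, ...).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLS = ["".join(col) for col in zip(*ROWS)]
LINES = ROWS + COLS
LINES = LINES + [line[::-1] for line in LINES]  # walks typed backwards


def is_keyboard_walk(pw, min_run=4):
    """True if pw consists only of runs of >= min_run adjacent keys."""
    def covered(rest):
        if not rest:
            return True
        return any(
            rest[:n] in line and covered(rest[n:])
            for n in range(min_run, len(rest) + 1)
            for line in LINES
        )
    return len(pw) >= min_run and covered(pw.lower())


def weaknesses(pw):
    """Return the article's warning signs that apply to pw."""
    low = pw.lower()
    found = []
    if low in COMMON:
        found.append("common password")
    if low in WORDS:
        found.append("single dictionary word")
    elif low.translate(LEET) in WORDS:
        found.append("obvious substitution")
    if is_keyboard_walk(pw):
        found.append("keyboard pattern")
    return found


if __name__ == "__main__":
    for candidate in ["password", "pa55w0rd", "1qaz2wsx", "zxcvbnm",
                      "Shoe12Splitting08Watch1970Wizard", "wuCmNilaLP"]:
        print(candidate, "->", weaknesses(candidate) or "no listed pattern")
```

An empty result only means that none of these listed patterns matched; it is not a measure of how strong the password is.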

You should also use different passwords for your different accounts (perhaps the most difficult piece of advice to follow of all) and if you want to be really secure you should also set up two-step authentication where available.
