Heartbleed bug: Am I at risk? Do I really need to change my password?

The encryption flaw described as 'catastrophic' by experts has rocked the web. Read on to find out which sites and services are affected, and what you can do

The discovery of Heartbleed, a flaw in one of the most widespread encryption standards used online, has panicked webmasters and users alike.

The bug has gone unnoticed for more than two years and could have potentially given hackers access to an unlimited array of secure data – everything from passwords and login details to credit card numbers and addresses.


Although it’s difficult to say exactly how many websites have been exposed, the lower estimates are around 500 million with a large number of major web companies (Google, Facebook, Yahoo, etc) all forced to update their software to protect against the bug.

However, there have been quite a lot of mixed messages as to whether or not users should change their passwords, with some outlets urging that you should create new ones immediately while others are advising that you wait.

To add to the confusion, there have also been reports of hackers sending out phishing emails related to Heartbleed in order to trick users into giving up passwords that have yet to be compromised. Be on the lookout for these and don't follow any links in suspicious-looking emails. If you want to change a password, go to the site directly.


Which sites are affected?

Most Google sites and services (including Gmail and YouTube - but not Chrome) were affected, as were sites maintained by Yahoo (including Tumblr and Flickr). Facebook was also hit by the bug although Twitter and LinkedIn were not.

Other big sites that have confirmed that they weren’t affected include Amazon, Hotmail and Outlook, eBay, PayPal and all of Apple’s properties – including iCloud and iTunes.  If you want to check whether or not a site you use is still affected then you can do so here – just enter the URL.

Another big worry is for online banking, but thankfully we have some good news in that department. Lloyds, HSBC, RBS, Natwest, Santander and the Co-Op have all confirmed that they were not affected by the bug (they were using different encryption standards). Barclays has yet to issue a statement.

However, this does not mean that your credit card details are completely safe – as they could have been compromised via your Gmail or another third-party site. The security of mobile banking apps is still a developing situation as well.


So do I need to change my passwords?

In a word: yes.  For the sites we’ve listed above as being affected (including Gmail, Yahoo, Tumblr, Flickr, Facebook) it definitely won't hurt to change your password some time in the next couple of weeks.

Security experts have warned that you shouldn't be too quick to change passwords, but this is because not all websites have patched their servers, and changing your password before this happens could make matters worse. The sites we've listed above have patched their servers and if you want to check one we've not mentioned - click here and enter the URL.

Unfortunately, some sites (including Google) have specifically said that users don't need to change their passwords. While it's true that some sites are confident that they fixed the bug a while back, as most of us are guilty of changing our passwords less frequently than we should do (aka never) we think that this is as good an opportunity as ever to be a bit more security-conscious.


What should my new password be?

In lists of the most frequently used passwords online there are some obvious clangers that we know you’re too smart to use (these include old stand-bys such as ‘123456’ and ‘password’ itself) but just because a password doesn’t look obvious to you, that doesn’t make it safe.

This means that you shouldn’t really use any single words that are found in the dictionary or any words connected to you (place of birth or pets' names), nor should you use any obvious ‘substitutions’ (eg ‘pa55w0rd’; more complicated variations are required) or patterns derived from your keyboard layout (eg ‘1qaz2wsx’ or ‘zxcvbnm’).
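The rules above can be written as a small Python check. This is an added example, not part of the original article: the word lists are tiny constructed samples, the substitution table is an assumption about what counts as 'obvious', and the function names are illustrative.

```python
# Constructed sample data: a real check would load a full dictionary and a
# published list of the most common passwords.
COMMON = {"123456", "password", "qwerty", "letmein"}
WORDS = {"password", "dragon", "monkey", "sunshine", "wizard"}

# Obvious character substitutions, undone before the dictionary lookup
# (assumed mapping: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, 9->g, @->a, $->s, !->i).
LEET = str.maketrans("0134579@$!", "oieastgasi")

# QWERTY rows, plus the columns read downwards ("1qaz", "2wsx", ...).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLS = ["".join(r[i] for r in ROWS if i < len(r)) for i in range(10)]
LINES = ROWS + COLS
LINES = LINES + [line[::-1] for line in LINES]  # also match reversed runs


def is_keyboard_walk(pw):
    """True if pw is made up entirely of runs of 3+ adjacent keys."""
    s = pw.lower()
    # ok[i] is True when the first i characters split cleanly into runs.
    ok = [True] + [False] * len(s)
    for end in range(3, len(s) + 1):
        ok[end] = any(
            ok[start] and any(s[start:end] in line for line in LINES)
            for start in range(0, end - 2)
        )
    return len(s) >= 3 and ok[len(s)]


def weaknesses(pw, personal=()):
    """Return the rules from the paragraph above that pw breaks."""
    s = pw.lower()
    found = []
    if s in COMMON:
        found.append("common password")
    if s in WORDS:
        found.append("single dictionary word")
    elif s.translate(LEET) in WORDS:
        found.append("dictionary word with obvious substitutions")
    if any(p.lower() in s for p in personal if p):
        found.append("contains a word connected to you")
    if is_keyboard_walk(s):
        found.append("keyboard pattern")
    return found
```

An empty list only means none of these particular rules was broken; it says nothing about whether the password has been reused or exposed elsewhere.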


It’s wise to use a variety of characters in your password (including upper and lower case as well as numbers) but an easy way to get more secure is to start thinking of your password as a passphrase.

The easiest way of increasing the difficulty of a password is by simply making it longer – so try combining multiple words together and then adding in numbers between them. 

You could pick a number of some significance to you (for example a loved one’s birthday, ie 12/08/1970) and then splice this with a nonsensical phrase (‘shoesplittingwatchwizard’) to get a suitably difficult password: Shoe12Splitting08Watch1970Wizard.

Other suggested methods for making a strong and memorable password include taking a sentence or a favourite line from a song as a starting point. So you might take the line "When you call my name it's like a little prayer" and turn it into wuCmNilaLP. Madonna is optional of course, but we think this is a fun method - especially if you can work in numbers somewhere.

You should also use different passwords for your different accounts (perhaps the most difficult piece of advice to follow of all) and if you want to be really secure you should also set up two-step authentication where available.
