Heartbleed bug: Am I at risk? Do I really need to change my password?

The encryption flaw described as 'catastrophic' by experts has rocked the web, read on to find out which sites and services are affected - and what you can do

The discovery of Heartbleed, a flaw in one of the most widespread encryption standards used online, has panicked webmasters and users alike.

The bug has gone unnoticed for more than two years and could have potentially given hackers access to an unlimited array of secure data – everything from passwords and login details to credit card numbers and addresses.

Read more: What is Heartbleed?  'On the scale of 1 to 10, this is an 11'

Although it’s difficult to say exactly how many websites have been exposed, the lower estimates are around 500 million with a large number of major web companies (Google, Facebook, Yahoo, etc) all forced to update their software to protect against the bug.

However, there have been quite a lot of mixed messages as to whether or not users should change their passwords, with some outlets urging that you should create new ones immediately while others are advising that you wait.

To add to the confusion there’s also been reports of hackers sending out phishing emails related to Heartbleed - in order to trick users into giving up passwords that have yet to be compromised. Be on the look out for these and don't follow any links in suspicious looking emails - if you want to change a password go to the site directly.

The Heartbleed bug: Because now software flaws come with their own logos

Which sites are affected?

Most Google sites and services (including Gmail and YouTube - but not Chrome) were affected, as were sites maintained by Yahoo (including Tumblr and Flickr). Facebook was also hit by the bug although Twitter and LinkedIn were not.

Other big sites that have confirmed that they weren’t affected include Amazon, Hotmail and Outlook, eBay, PayPal and all of Apple’s properties – including iCloud and iTunes.  If you want to check whether or not a site you use is still affected then you can do so here – just enter the URL.

Another big worry is for online banking, but thankfully we have some good news in that department. Lloyds, HSBC, RBS, Natwest, Santander and the Co-Op have all confirmed that they were not affected by the bug (they were using different encryption standards). Barclays has yet to issue a statement.

However, this does not mean that your credit card details are completely safe – as they could have been compromised via your Gmail or another third-party site. The security of mobile banking apps is still a developing situation as well.

Gmail was among the sites affected.

So do I need to change my passwords?

In a word: yes.  For the sites we’ve listed above as being affected (including Gmail, Yahoo, Tumblr, Flickr, Facebook) it definitely won't hurt to change your password some time in the next couple of weeks.

Although security experts have warned that you shouldn't be too quick to change passwords, this is because not all website have patched their servers and changing your password before this happens could make matters worse. The sites we've listed above have patched their servers and if you want to check one we've not mentioned - click here and enter the URL.

Unfortunately, some sites (including Google) have specifically said that users don't need to change their passwords. While it's true that some sites are confident that they fixed the bug a while back, as most of us are guilty of changing our passwords less frequently than we should do (aka never) we think that this is as good an opportunity as ever to be a bit more security-conscious.

If you can't remember your password, trying leaving a subtle hint.

What should my new password be?

In lists of the most frequently used passwords online there’s some obvious clangers that we know you’re too smart to use (these include old stand-bys such as ‘123456’ and ‘password’ itself) but just because a password doesn’t look obvious to you that doesn’t make it safe.

This means that you shouldn’t really use any single words that are found in the dictionary,  any words connected to you (place of birth or pets' names), nor should you use any obvious ‘substitutions’ (eg pa55w0rd- more complicated variations are required) or patterns derived from your keyboard layout (eg ‘1qaz2wsx’ or ‘zxcvbnm’).

Read more: The 25 worst passwords revealed - is yours on the list?

It’s wise to use a variety of characters in your password (including upper and lower case as well as numbers) but an easy way to get more secure is to start thinking of your password as a passphrase.

The easiest way of increasing the difficulty of a password is by simply making it longer – so try combining multiple words together and then adding in numbers between them. 

You could pick a number of some significance to you (for example a loved one’s birthday, ie 12/08/1970) and then splicing this with a nonsensical phrase (‘shoesplittingwatchwizard’) to get a suitably difficulty password: Shoe12Splitting08Watch1970Wizard.

Other suggested methods for making a strong and memorable password include taking a sentence or a favourite line from a song as a starting point. So you might take the line "When you call my name it's like a little prayer" and turn it into wuCmNilaLP. Madonna is optional of course, but we think this a fun method - especially if you can work in numbers somewhere.

You should also use different passwords for your different accounts (perhaps the most difficult piece of advice to follow of all) and if you want to be really secure you should also set up two-step authentication where available.

Voices
Hunted: A stag lies dead on Jura, where David Cameron holidays and has himself stalked deer
voicesThe Scotland I know is becoming a playground for the rich
News
Russell Brand has written a book of political analysis called Revolution
peopleFilm star says he is 'not interested in making money anymore'
Arts and Entertainment
Benedict Cumberbatch has refused to deny his involvement in the upcoming new Star Wars film
filmBenedict Cumberbatch reignites those Star Wars rumours
News
newsMcKamey Manor says 'there is no escape until the tour is completed'
PROMOTED VIDEO
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
Life and Style
ebooksFrom the lifespan of a slug to the distance to the Sun: answers to 500 questions from readers
Arts and Entertainment
Jessica Chastain during an interview in Los Angeles.
filmsOscar hopeful Jessica Chastain reveals the secret to her breakthrough success
News
people

Britain First criticised for using actress's memory to draw attention to their 'hate-filled home page'

News
news
Life and Style
Meow! ... Again, Kim Kardashian goes for a sexy Halloween costume, wrapping her body with a latex catsuit and high heeled knee boots
fashionFrom Heidi Klum to Kim Kardashian
News
news

Emergency call 'started off dumb, but got pretty serious'

Arts and Entertainment
On The Apprentice, “serious” left the room many moons ago and yet still we watch
tv

Greatest mystery about the hit BBC1 show is how it continues to be made at all, writes Grace Dent

News
i100
Arts and Entertainment
JK Rowling is releasing a new Harry Potter story about Dolores Umbridge
booksChristmas comes early for wizard fans
Arts and Entertainment
filmsOculus Rift offers breathtakingly realistic simulation of zero gravity
Sport
footballAccording to revelations from Sergio Aguero's new biography
Life and Style
tech

Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Business Analyst - Surrey - Permanent - Up to £50k DOE

    £40000 - £50000 Per Annum Excellent benefits: Clearwater People Solutions Ltd:...

    ***ASP.NET Developer - Cheshire - £35k - Permanent***

    £30000 - £35000 Per Annum Excellent benefits: Clearwater People Solutions Ltd:...

    ***Solutions Architect*** - Brighton - £40k - Permanent

    £35000 - £40000 Per Annum Excellent benefits: Clearwater People Solutions Ltd:...

    Senior Software Engineer - C#, VB.Net, ASP.Net - Kingston, Sur

    £50000 - £60000 per annum: Ashdown Group: Senior Software Engineer - C#, VB.N...

    Day In a Page

    Wilko Johnson, now the bad news: musician splits with manager after police investigate assault claims

    Wilko Johnson, now the bad news

    Former Dr Feelgood splits with manager after police investigate assault claims
    Mark Udall: The Democrat Senator with a fight on his hands ahead of the US midterm elections

    Mark Udall: The Democrat Senator with a fight on his hands

    The Senator for Colorado is for gay rights, for abortion rights – and in the Republicans’ sights as they threaten to take control of the Senate next month
    New discoveries show more contact between far-flung prehistoric humans than had been thought

    New discoveries show more contact between far-flung prehistoric humans than had been thought

    Evidence found of contact between Easter Islanders and South America
    Cerys Matthews reveals how her uncle taped 150 interviews for a biography of Dylan Thomas

    Cerys Matthews on Dylan Thomas

    The singer reveals how her uncle taped 150 interviews for a biography of the famous Welsh poet
    DIY is not fun and we've finally realised this as a nation

    Homebase closures: 'DIY is not fun'

    Homebase has announced the closure of one in four of its stores. Nick Harding, who never did know his awl from his elbow, is glad to see the back of DIY
    The Battle of the Five Armies: Air New Zealand releases new Hobbit-inspired in-flight video

    Air New Zealand's wizard in-flight video

    The airline has released a new Hobbit-inspired clip dubbed "The most epic safety video ever made"
    Pumpkin spice is the flavour of the month - but can you stomach the sweetness?

    Pumpkin spice is the flavour of the month

    The combination of cinnamon, clove, nutmeg (and no actual pumpkin), now flavours everything from lattes to cream cheese in the US
    11 best sonic skincare brushes

    11 best sonic skincare brushes

    Forget the flannel - take skincare to the next level by using your favourite cleanser with a sonic facial brush
    Paul Scholes column: I'm not worried about Manchester United's defence - Chelsea test can be the making of Phil Jones and Marcos Rojo

    Paul Scholes column

    I'm not worried about Manchester United's defence - Chelsea test can be the making of Jones and Rojo
    Frank Warren: Boxing has its problems but in all my time I've never seen a crooked fight

    Frank Warren: Boxing has its problems but in all my time I've never seen a crooked fight

    While other sports are stalked by corruption, we are an easy target for the critics
    Jamie Roberts exclusive interview: 'I'm a man of my word – I'll stay in Paris'

    Jamie Roberts: 'I'm a man of my word – I'll stay in Paris'

    Wales centre says he’s not coming home but is looking to establish himself at Racing Métro
    How could three tourists have been battered within an inch of their lives by a burglar in a plush London hotel?

    A crime that reveals London's dark heart

    How could three tourists have been battered within an inch of their lives by a burglar in a plush London hotel?
    Meet 'Porridge' and 'Vampire': Chinese state TV is offering advice for citizens picking a Western moniker

    Lost in translation: Western monikers

    Chinese state TV is offering advice for citizens picking a Western moniker. Simon Usborne, who met a 'Porridge' and a 'Vampire' while in China, can see the problem
    Handy hacks that make life easier: New book reveals how to rid your inbox of spam, protect your passwords and amplify your iPhone

    Handy hacks that make life easier

    New book reveals how to rid your email inbox of spam, protect your passwords and amplify your iPhone with a loo-roll
    KidZania lets children try their hands at being a firefighter, doctor or factory worker for the day

    KidZania: It's a small world

    The new 'educational entertainment experience' in London's Shepherd's Bush will allow children to try out the jobs that are usually undertaken by adults, including firefighter, doctor or factory worker