Heartbleed bug: Am I at risk? Do I really need to change my password?

The encryption flaw described as 'catastrophic' by experts has rocked the web. Read on to find out which sites and services are affected - and what you can do

The discovery of Heartbleed, a flaw in one of the most widespread encryption standards used online, has panicked webmasters and users alike.

The bug has gone unnoticed for more than two years and could have potentially given hackers access to an unlimited array of secure data – everything from passwords and login details to credit card numbers and addresses.


Although it’s difficult to say exactly how many websites have been exposed, the lower estimates are around 500 million with a large number of major web companies (Google, Facebook, Yahoo, etc) all forced to update their software to protect against the bug.

However, there have been quite a lot of mixed messages as to whether or not users should change their passwords, with some outlets urging that you should create new ones immediately while others are advising that you wait.

To add to the confusion there have also been reports of hackers sending out phishing emails related to Heartbleed, in order to trick users into giving up passwords that have yet to be compromised. Be on the lookout for these and don't follow any links in suspicious-looking emails - if you want to change a password go to the site directly.

The Heartbleed bug: Because now software flaws come with their own logos

Which sites are affected?

Most Google sites and services (including Gmail and YouTube - but not Chrome) were affected, as were sites maintained by Yahoo (including Tumblr and Flickr). Facebook was also hit by the bug although Twitter and LinkedIn were not.

Other big sites that have confirmed that they weren’t affected include Amazon, Hotmail and Outlook, eBay, PayPal and all of Apple’s properties – including iCloud and iTunes.  If you want to check whether or not a site you use is still affected then you can do so here – just enter the URL.

Another big worry is for online banking, but thankfully we have some good news in that department. Lloyds, HSBC, RBS, Natwest, Santander and the Co-Op have all confirmed that they were not affected by the bug (they were using different encryption standards). Barclays has yet to issue a statement.

However, this does not mean that your credit card details are completely safe – as they could have been compromised via your Gmail or another third-party site. The security of mobile banking apps is still a developing situation as well.

Gmail was among the sites affected.

So do I need to change my passwords?

In a word: yes.  For the sites we’ve listed above as being affected (including Gmail, Yahoo, Tumblr, Flickr, Facebook) it definitely won't hurt to change your password some time in the next couple of weeks.

Although security experts have warned that you shouldn't be too quick to change passwords, this is because not all websites have patched their servers and changing your password before this happens could make matters worse. The sites we've listed above have patched their servers and if you want to check one we've not mentioned - click here and enter the URL.

Unfortunately, some sites (including Google) have specifically said that users don't need to change their passwords. While it's true that some sites are confident that they fixed the bug a while back, as most of us are guilty of changing our passwords less frequently than we should do (aka never) we think that this is as good an opportunity as ever to be a bit more security-conscious.

If you can't remember your password, try leaving a subtle hint.

What should my new password be?

In lists of the most frequently used passwords online there are some obvious clangers that we know you’re too smart to use (these include old stand-bys such as ‘123456’ and ‘password’ itself) but just because a password doesn’t look obvious to you that doesn’t make it safe.

This means that you shouldn’t really use any single words that are found in the dictionary, any words connected to you (place of birth or pets' names), nor should you use any obvious ‘substitutions’ (eg pa55w0rd; more complicated variations are required) or patterns derived from your keyboard layout (eg ‘1qaz2wsx’ or ‘zxcvbnm’).
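The rules above written as a checker, an added example that is not part of the original article. The word list, keyboard runs and substitution map are small constructed samples, and the function names are hypothetical.

```python
# Constructed sample data: a real check would load a full dictionary and
# a complete set of keyboard rows and columns.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "wizard"}
KEYBOARD_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
                 "1qaz2wsx3edc4rfv"]
# Obvious character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def is_keyboard_pattern(password, min_len=6):
    """True if the whole password is one run along a keyboard row or column."""
    low = password.lower()
    if len(low) < min_len:
        return False
    # Check each run forwards and backwards (e.g. 'mnbvcxz').
    return any(low in run or low in run[::-1] for run in KEYBOARD_RUNS)


def weaknesses(password, personal_words=()):
    """Return the list of rules from the article that the password breaks."""
    found = []
    low = password.lower()
    unleet = low.translate(LEET)  # undo pa55w0rd-style swaps
    if is_keyboard_pattern(password):
        found.append("keyboard pattern")
    if low in COMMON_WORDS:
        found.append("single dictionary word")
    elif unleet in COMMON_WORDS:
        found.append("obvious substitution")
    # Place of birth, pets' names and similar, supplied by the caller.
    if any(w.lower() in low for w in personal_words if w):
        found.append("personal word")
    return found


if __name__ == "__main__":
    for pw in ["123456", "password", "pa55w0rd", "1qaz2wsx", "zxcvbnm",
               "Shoe12Splitting08Watch1970Wizard"]:
        print(pw, "->", weaknesses(pw) or "no rule broken")
```

A password that breaks none of these rules is not thereby strong; the checker only screens out the specific patterns the article names.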


It’s wise to use a variety of characters in your password (including upper and lower case as well as numbers) but an easy way to get more secure is to start thinking of your password as a passphrase.

The easiest way of increasing the difficulty of a password is by simply making it longer – so try combining multiple words together and then adding in numbers between them. 

You could pick a number of some significance to you (for example a loved one’s birthday, ie 12/08/1970) and then splice this with a nonsensical phrase (‘shoesplittingwatchwizard’) to get a suitably difficult password: Shoe12Splitting08Watch1970Wizard.

Other suggested methods for making a strong and memorable password include taking a sentence or a favourite line from a song as a starting point. So you might take the line "When you call my name it's like a little prayer" and turn it into wuCmNilaLP. Madonna is optional of course, but we think this is a fun method - especially if you can work in numbers somewhere.

You should also use different passwords for your different accounts (perhaps the most difficult piece of advice to follow of all) and if you want to be really secure you should also set up two-step authentication where available.
