Heartbleed bug: Am I at risk? Do I really need to change my password?

The encryption flaw described as 'catastrophic' by experts has rocked the web. Read on to find out which sites and services are affected, and what you can do

The discovery of Heartbleed, a flaw in one of the most widespread encryption standards used online, has panicked webmasters and users alike.

The bug has gone unnoticed for more than two years and could have potentially given hackers access to an unlimited array of secure data – everything from passwords and login details to credit card numbers and addresses.


Although it’s difficult to say exactly how many websites have been exposed, the lower estimates are around 500 million with a large number of major web companies (Google, Facebook, Yahoo, etc) all forced to update their software to protect against the bug.

However, there have been quite a lot of mixed messages as to whether or not users should change their passwords, with some outlets urging that you should create new ones immediately while others are advising that you wait.

To add to the confusion, there have also been reports of hackers sending out phishing emails related to Heartbleed in order to trick users into giving up passwords that have yet to be compromised. Be on the lookout for these and don't follow any links in suspicious-looking emails. If you want to change a password, go to the site directly.


Which sites are affected?

Most Google sites and services (including Gmail and YouTube - but not Chrome) were affected, as were sites maintained by Yahoo (including Tumblr and Flickr). Facebook was also hit by the bug although Twitter and LinkedIn were not.

Other big sites that have confirmed that they weren’t affected include Amazon, Hotmail and Outlook, eBay, PayPal and all of Apple’s properties – including iCloud and iTunes.  If you want to check whether or not a site you use is still affected then you can do so here – just enter the URL.

Another big worry is for online banking, but thankfully we have some good news in that department. Lloyds, HSBC, RBS, Natwest, Santander and the Co-Op have all confirmed that they were not affected by the bug (they were using different encryption standards). Barclays has yet to issue a statement.

However, this does not mean that your credit card details are completely safe – as they could have been compromised via your Gmail or another third-party site. The security of mobile banking apps is still a developing situation as well.


So do I need to change my passwords?

In a word: yes.  For the sites we’ve listed above as being affected (including Gmail, Yahoo, Tumblr, Flickr, Facebook) it definitely won't hurt to change your password some time in the next couple of weeks.

Security experts have warned that you shouldn't be too quick to change passwords, but this is because not all websites have patched their servers, and changing your password before this happens could make matters worse. The sites we've listed above have patched their servers, and if you want to check one we've not mentioned, click here and enter the URL.

Unfortunately, some sites (including Google) have specifically said that users don't need to change their passwords. While it's true that some sites are confident that they fixed the bug a while back, most of us are guilty of changing our passwords less frequently than we should (aka never), so we think that this is as good an opportunity as any to be a bit more security-conscious.


What should my new password be?

In lists of the most frequently used passwords online there are some obvious clangers that we know you’re too smart to use (these include old stand-bys such as ‘123456’ and ‘password’ itself), but just because a password doesn’t look obvious to you, that doesn’t make it safe.

This means that you shouldn’t really use any single words that are found in the dictionary, any words connected to you (place of birth or pets' names), nor should you use any obvious ‘substitutions’ (eg ‘pa55w0rd’; more complicated variations are required) or patterns derived from your keyboard layout (eg ‘1qaz2wsx’ or ‘zxcvbnm’).
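
The checks described above, sketched as an added example that is not part of the original article: a screening function that flags each weakness named here. The word lists, the substitution table, the keyboard runs and the minimum length of 10 are constructed assumptions standing in for real data.

```python
# Constructed stand-ins: a real check would load a large common-password list
# and a full dictionary. MIN_LENGTH is an assumed threshold, not from the article.
COMMON = {"123456", "password", "qwerty", "letmein"}
WORDS = {"password", "dragon", "monkey", "shadow", "wizard"}
MIN_LENGTH = 10

# QWERTY rows and diagonal columns; a "walk" follows these in either direction.
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]

# Reverse the obvious character substitutions (pa55w0rd -> password).
UNLEET = str.maketrans("013457@$", "oleastas")

def is_keyboard_walk(pw):
    """True if pw splits entirely into chunks of 3+ keys lying along KEY_RUNS."""
    s, i = pw.lower(), 0
    while i < len(s):
        # Longest chunk starting at i that follows some run, forwards or backwards.
        n = next((n for n in range(len(s) - i, 2, -1)
                  if any(s[i:i + n] in r or s[i:i + n] in r[::-1]
                         for r in KEY_RUNS)), 0)
        if n == 0:
            return False
        i += n
    return bool(s)

def weaknesses(pw, personal=()):
    """Return the reasons pw matches a pattern the article warns against."""
    low = pw.lower()
    plain = low.translate(UNLEET)
    found = []
    if low in COMMON:
        found.append("common")
    if low.isalpha() and low in WORDS:
        found.append("dictionary-word")
    if plain != low and (plain in WORDS or plain in COMMON):
        found.append("substitution")
    if any(p and p.lower() in low for p in personal):
        found.append("personal-info")
    if is_keyboard_walk(pw):
        found.append("keyboard-pattern")
    if len(pw) < MIN_LENGTH:
        found.append("short")
    return found
```

An empty list means only that none of these specific patterns matched, not that the password is strong.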


It’s wise to use a variety of characters in your password (including upper and lower case as well as numbers) but an easy way to get more secure is to start thinking of your password as a passphrase.

The easiest way of increasing the difficulty of a password is by simply making it longer – so try combining multiple words together and then adding in numbers between them. 

You could pick a number of some significance to you (for example a loved one’s birthday, ie 12/08/1970) and then splice this with a nonsensical phrase (‘shoesplittingwatchwizard’) to get a suitably difficult password: Shoe12Splitting08Watch1970Wizard.

Other suggested methods for making a strong and memorable password include taking a sentence or a favourite line from a song as a starting point. So you might take the line "When you call my name it's like a little prayer" and turn it into wuCmNilaLP. Madonna is optional of course, but we think this is a fun method, especially if you can work in numbers somewhere.

You should also use different passwords for your different accounts (perhaps the most difficult piece of advice to follow of all) and if you want to be really secure you should also set up two-step authentication where available.
