Heartbleed bug: Am I at risk? Do I really need to change my password?

The encryption flaw described as 'catastrophic' by experts has rocked the web. Read on to find out which sites and services are affected - and what you can do

The discovery of Heartbleed, a flaw in one of the most widespread encryption standards used online, has panicked webmasters and users alike.

The bug has gone unnoticed for more than two years and could have potentially given hackers access to an unlimited array of secure data – everything from passwords and login details to credit card numbers and addresses.


Although it’s difficult to say exactly how many websites have been exposed, the lower estimates are around 500 million with a large number of major web companies (Google, Facebook, Yahoo, etc) all forced to update their software to protect against the bug.

However, there have been quite a lot of mixed messages as to whether or not users should change their passwords, with some outlets urging that you should create new ones immediately while others are advising that you wait.

To add to the confusion there have also been reports of hackers sending out phishing emails related to Heartbleed in order to trick users into giving up passwords that have yet to be compromised. Be on the lookout for these and don't follow any links in suspicious-looking emails - if you want to change a password go to the site directly.

The Heartbleed bug: Because now software flaws come with their own logos

Which sites are affected?

Most Google sites and services (including Gmail and YouTube - but not Chrome) were affected, as were sites maintained by Yahoo (including Tumblr and Flickr). Facebook was also hit by the bug although Twitter and LinkedIn were not.

Other big sites that have confirmed that they weren’t affected include Amazon, Hotmail and Outlook, eBay, PayPal and all of Apple’s properties – including iCloud and iTunes.  If you want to check whether or not a site you use is still affected then you can do so here – just enter the URL.

Another big worry is for online banking, but thankfully we have some good news in that department. Lloyds, HSBC, RBS, Natwest, Santander and the Co-Op have all confirmed that they were not affected by the bug (they were using different encryption standards). Barclays has yet to issue a statement.

However, this does not mean that your credit card details are completely safe – as they could have been compromised via your Gmail or another third-party site. The security of mobile banking apps is still a developing situation as well.

Gmail was among the sites affected.

So do I need to change my passwords?

In a word: yes.  For the sites we’ve listed above as being affected (including Gmail, Yahoo, Tumblr, Flickr, Facebook) it definitely won't hurt to change your password some time in the next couple of weeks.

Security experts have warned that you shouldn't be too quick to change passwords, but this is because not all websites have patched their servers, and changing your password before this happens could make matters worse. The sites we've listed above have patched their servers and if you want to check one we've not mentioned - click here and enter the URL.

Unfortunately, some sites (including Google) have specifically said that users don't need to change their passwords. While it's true that some sites are confident that they fixed the bug a while back, most of us are guilty of changing our passwords less frequently than we should (aka never), so we think that this is as good an opportunity as any to be a bit more security-conscious.

If you can't remember your password, try leaving a subtle hint.

What should my new password be?

In lists of the most frequently used passwords online there are some obvious clangers that we know you’re too smart to use (these include old stand-bys such as ‘123456’ and ‘password’ itself) but just because a password doesn’t look obvious to you, that doesn’t make it safe.

This means that you shouldn’t really use any single words that are found in the dictionary or any words connected to you (place of birth or pets' names), nor should you use any obvious ‘substitutions’ (eg ‘pa55w0rd’ - more complicated variations are required) or patterns derived from your keyboard layout (eg ‘1qaz2wsx’ or ‘zxcvbnm’).
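The rules above can be turned into a simple check. The following is an added example, not part of the original article or any real tool: the word list, the keyboard runs beyond the two quoted above, the swap table and the function name `weaknesses` are all constructed for illustration.

```python
# Added example: constructed data, not from the article or any real tool.
DICTIONARY = {"password", "dragon", "monkey", "sunshine", "wizard"}  # stand-in word list
KEYBOARD_WALKS = ("1qaz2wsx", "zxcvbnm", "qwerty", "asdfgh")  # adjacent-key runs
# Look-alike swaps that password-guessing tools reverse as a matter of course.
UNSWAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def weaknesses(password, personal_words=()):
    """Return which of the article's rules a candidate password breaks."""
    found = []
    lowered = password.lower()
    unswapped = lowered.translate(UNSWAP)  # 'pa55w0rd' -> 'password'

    if lowered in DICTIONARY:
        found.append("dictionary word")
    elif unswapped in DICTIONARY:
        # Only a dictionary word once the swaps are reversed.
        found.append("obvious substitution")

    # Words connected to the user (pet names, place of birth) anywhere inside.
    if any(w and w.lower() in lowered for w in personal_words):
        found.append("personal word")

    # Runs of neighbouring keys anywhere inside the password.
    if any(walk in lowered for walk in KEYBOARD_WALKS):
        found.append("keyboard pattern")

    return found


if __name__ == "__main__":
    for candidate in ("password", "pa55w0rd", "1qaz2wsx"):
        print(candidate, weaknesses(candidate))
```

An empty result only means none of these few rules fired; it is not a measure of strength.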


It’s wise to use a variety of characters in your password (including upper and lower case as well as numbers) but an easy way to get more secure is to start thinking of your password as a passphrase.

The easiest way of increasing the difficulty of a password is by simply making it longer – so try combining multiple words together and then adding in numbers between them. 

You could pick a number of some significance to you (for example a loved one’s birthday, ie 12/08/1970) and then splice this with a nonsensical phrase (‘shoesplittingwatchwizard’) to get a suitably difficult password: Shoe12Splitting08Watch1970Wizard.

Other suggested methods for making a strong and memorable password include taking a sentence or a favourite line from a song as a starting point. So you might take the line "When you call my name it's like a little prayer" and turn it into wuCmNilaLP. Madonna is optional of course, but we think this is a fun method - especially if you can work in numbers somewhere.

You should also use different passwords for your different accounts (perhaps the most difficult piece of advice to follow of all) and if you want to be really secure you should also set up two-step authentication where available.
