Heartbleed bug: Am I at risk? Do I really need to change my password?

The encryption flaw described as 'catastrophic' by experts has rocked the web, read on to find out which sites and services are affected - and what you can do

The discovery of Heartbleed, a flaw in one of the most widespread encryption standards used online, has panicked webmasters and users alike.

The bug has gone unnoticed for more than two years and could have potentially given hackers access to an unlimited array of secure data – everything from passwords and login details to credit card numbers and addresses.

Read more: What is Heartbleed?  'On the scale of 1 to 10, this is an 11'

Although it’s difficult to say exactly how many websites have been exposed, the lower estimates are around 500 million with a large number of major web companies (Google, Facebook, Yahoo, etc) all forced to update their software to protect against the bug.

However, there have been quite a lot of mixed messages as to whether or not users should change their passwords, with some outlets urging that you should create new ones immediately while others are advising that you wait.

To add to the confusion there’s also been reports of hackers sending out phishing emails related to Heartbleed - in order to trick users into giving up passwords that have yet to be compromised. Be on the look out for these and don't follow any links in suspicious looking emails - if you want to change a password go to the site directly.

The Heartbleed bug: Because now software flaws come with their own logos

Which sites are affected?

Most Google sites and services (including Gmail and YouTube - but not Chrome) were affected, as were sites maintained by Yahoo (including Tumblr and Flickr). Facebook was also hit by the bug although Twitter and LinkedIn were not.

Other big sites that have confirmed that they weren’t affected include Amazon, Hotmail and Outlook, eBay, PayPal and all of Apple’s properties – including iCloud and iTunes.  If you want to check whether or not a site you use is still affected then you can do so here – just enter the URL.

Another big worry is for online banking, but thankfully we have some good news in that department. Lloyds, HSBC, RBS, Natwest, Santander and the Co-Op have all confirmed that they were not affected by the bug (they were using different encryption standards). Barclays has yet to issue a statement.

However, this does not mean that your credit card details are completely safe – as they could have been compromised via your Gmail or another third-party site. The security of mobile banking apps is still a developing situation as well.

Gmail was among the sites affected.

So do I need to change my passwords?

In a word: yes.  For the sites we’ve listed above as being affected (including Gmail, Yahoo, Tumblr, Flickr, Facebook) it definitely won't hurt to change your password some time in the next couple of weeks.

Although security experts have warned that you shouldn't be too quick to change passwords, this is because not all website have patched their servers and changing your password before this happens could make matters worse. The sites we've listed above have patched their servers and if you want to check one we've not mentioned - click here and enter the URL.

Unfortunately, some sites (including Google) have specifically said that users don't need to change their passwords. While it's true that some sites are confident that they fixed the bug a while back, as most of us are guilty of changing our passwords less frequently than we should do (aka never) we think that this is as good an opportunity as ever to be a bit more security-conscious.

If you can't remember your password, trying leaving a subtle hint.

What should my new password be?

In lists of the most frequently used passwords online there’s some obvious clangers that we know you’re too smart to use (these include old stand-bys such as ‘123456’ and ‘password’ itself) but just because a password doesn’t look obvious to you that doesn’t make it safe.

This means that you shouldn’t really use any single words that are found in the dictionary,  any words connected to you (place of birth or pets' names), nor should you use any obvious ‘substitutions’ (eg pa55w0rd- more complicated variations are required) or patterns derived from your keyboard layout (eg ‘1qaz2wsx’ or ‘zxcvbnm’).

Read more: The 25 worst passwords revealed - is yours on the list?

It’s wise to use a variety of characters in your password (including upper and lower case as well as numbers) but an easy way to get more secure is to start thinking of your password as a passphrase.

The easiest way of increasing the difficulty of a password is by simply making it longer – so try combining multiple words together and then adding in numbers between them. 

You could pick a number of some significance to you (for example a loved one’s birthday, ie 12/08/1970) and then splicing this with a nonsensical phrase (‘shoesplittingwatchwizard’) to get a suitably difficulty password: Shoe12Splitting08Watch1970Wizard.

Other suggested methods for making a strong and memorable password include taking a sentence or a favourite line from a song as a starting point. So you might take the line "When you call my name it's like a little prayer" and turn it into wuCmNilaLP. Madonna is optional of course, but we think this a fun method - especially if you can work in numbers somewhere.

You should also use different passwords for your different accounts (perhaps the most difficult piece of advice to follow of all) and if you want to be really secure you should also set up two-step authentication where available.

Arts and Entertainment
Attenborough with the primates
tvWhy BBC producers didn't want to broadcast Sir David Attenborough's famed Rwandan encounter
News
Campbell: ‘Sometimes you have to be economical with the truth’
newsFormer spin doctor says MPs should study tactics of leading sports figures like José Mourinho
Sport
football
News
Kelly Osbourne will play a flight attendant in Sharknado 2
people
Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Life and Style
Alexander McQueen's AW 2009/10 collection during Paris Fashion Week
fashionMeet the collaborators who helped create the late designer’s notorious spectacles
News
Down-to-earth: Winstone isn't one for considering his 'legacy'
people
News
The dress can be seen in different colours
i100
Life and Style
Agretti is often compared to its relative, samphire, though is closer in taste to spinach
food + drink
Sport
Wes Brown is sent-off
football
Voices
Lance Corporal Joshua Leakey VC
voicesBeware of imitations, but the words of the soldier awarded the Victoria Cross were the real thing, says DJ Taylor
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Ashdown Group: Front-End Developer - London - up to £40,000

    £35000 - £40000 per annum: Ashdown Group: Creative Front-End Developer - Claph...

    Ashdown Group: QA Tester - London - £30,000

    £28000 - £30000 per annum: Ashdown Group: QA Tester - London - £30,000 QA Tes...

    Ashdown Group: Linux Administrator - London - £50,000

    £45000 - £50000 per annum + bonus: Ashdown Group: Linux Systems Administrator ...

    Ashdown Group: Business Intelligence Analyst - London - £45,000

    £40000 - £45000 per annum: Ashdown Group: SQL Server Reporting Analyst (Busine...

    Day In a Page

    War with Isis: Fears that the looming battle for Mosul will unleash 'a million refugees'

    The battle for Mosul will unleash 'a million refugees'

    Aid agencies prepare for vast exodus following planned Iraqi offensive against the Isis-held city, reports Patrick Cockburn
    Yvette Cooper: We can't lose the election. There's too much on the line

    Yvette Cooper: We can't lose the election. There's too much on the line

    The shadow Home Secretary on fighting radical Islam, protecting children, and why anyone in Labour who's thinking beyond May must 'sort themselves out'
    A bad week for the Greens: Leader Natalie Bennett's 'car crash' radio interview is followed by Brighton council's failure to set a budget due to infighting

    It's not easy being Green

    After a bad week in which its leader had a public meltdown and its only city council couldn't agree on a budget vote, what next for the alternative party? It's over to Caroline Lucas to find out
    Gorillas nearly missed: BBC producers didn't want to broadcast Sir David Attenborough's famed Rwandan encounter

    Gorillas nearly missed

    BBC producers didn't want to broadcast Sir David Attenborough's famed Rwandan encounter
    Downton Abbey effect sees impoverished Italian nobles inspired to open their doors to paying guests for up to €650 a night

    The Downton Abbey effect

    Impoverished Italian nobles are opening their doors to paying guests, inspired by the TV drama
    China's wild panda numbers have increased by 17% since 2003, new census reveals

    China's wild panda numbers on the up

    New census reveals 17% since 2003
    Barbara Woodward: Britain's first female ambassador to China intends to forge strong links with the growing economic superpower

    Our woman in Beijing builds a new relationship

    Britain's first female ambassador to China intends to forge strong links with growing economic power
    Courage is rare. True humility is even rarer. But the only British soldier to be awarded the Victoria Cross in Afghanistan has both

    Courage is rare. True humility is even rarer

    Beware of imitations, but the words of the soldier awarded the Victoria Cross were the real thing, says DJ Taylor
    Alexander McQueen: The catwalk was a stage for the designer's astonishing and troubling vision

    Alexander McQueen's astonishing vision

    Ahead of a major retrospective, Alexander Fury talks to the collaborators who helped create the late designer's notorious spectacle
    New BBC series savours half a century of food in Britain, from Vesta curries to nouvelle cuisine

    Dinner through the decades

    A new BBC series challenged Brandon Robshaw and his family to eat their way from the 1950s to the 1990s
    Philippa Perry interview: The psychotherapist on McDonald's, fancy specs and meeting Grayson Perry on an evening course

    Philippa Perry interview

    The psychotherapist on McDonald's, fancy specs and meeting Grayson Perry on an evening course
    Bill Granger recipes: Our chef recreates the exoticism of the Indonesian stir-fry

    Bill Granger's Indonesian stir-fry recipes

    Our chef was inspired by the south-east Asian cuisine he encountered as a teenager
    Chelsea vs Tottenham: Harry Kane was at Wembley to see Spurs beat the Blues and win the Capital One Cup - now he's their great hope

    Harry Kane interview

    The striker was at Wembley to see Spurs beat the Blues and win the Capital One Cup - now he's their great hope
    The Last Word: For the good of the game: why on earth don’t we leave Fifa?

    Michael Calvin's Last Word

    For the good of the game: why on earth don’t we leave Fifa?
    HIV pill: Scientists hail discovery of 'game-changer' that cuts the risk of infection among gay men by 86%

    Scientists hail daily pill that protects against HIV infection

    Breakthrough in battle against global scourge – but will the NHS pay for it?