- Brian Krebs recommendations
- LastPass Heartbleed checker
- XKCD’s simple explanation of the bug
- The Register’s technical explanation of the bug
If you use LastPass to store your passwords, you can use the LastPass Security Challenge to have LastPass check all of your stored passwords.
LastPass’ checker provides a nice Assessment that tells you whether to chance you password now or to wait.
Once you’ve determined which sites need to update your password, make sure you do the following:
- Change your password
- Because Session Cookies may have been compromised – Sign out all sessions. Some examples:
- In Gmail, scroll to the bottom of you mail window, click ‘details’ in the bottom right, and click the ‘Sign out all other sessions’ button
- In Facebook click the downward pointing triangle, click ‘Settings’, click ‘Security’ in the left sidebar, click ‘Where You’re Logged In’, and click ‘End All Activity’
- Remember to change your app specific passwords. While these usually have restricted access to your accounts, these passwords would have been vulnerable to compromise too. Some examples:
- For Google, go to Account Security Settings, click ‘App Password Settings’, revoke all of your existing App Specific passwords, create new application-specific passwords.
- For Yahoo!, go to your account settings, click ‘Manage your app passwords’, click ‘Remove All’, and regenerate passwords.
Edit 4/16/14: Removed references to the CNET affected sites list, because it seems to contain false positives. Added a link to The Register’s technical explanation of the bug.