How to Know Whether You Have Been Affected
To determine whether the websites and applications you use have been affected by Heartbleed, use this free Heartbleed checker. Simply enter the URL of the site and it will tell you whether it was affected. The site checker will also determine whether the website in question has actually been updated to the fixed version of OpenSSL. If it has then you should immediately change your password.
You should also go to each of your websites and look for a notice that confirms the website has been patched. A password change on a site that has been patched is important as it will reduce your risk from anyone who has managed to sneak through and extract sensitive data in the past two years. If someone did extract your password in that time than changing your password will ensure the person can no longer access your information.
There is of course little point in changing your password before a site has actually been patched. The next thing to do is to review your important online accounts like banking, credit cards and email for any suspicious activity for at least the next few months. There is little you can do when a security breach of Heartbleed’s scale hits. But you can at least limit the damage by maintaining good password habits like having different passwords for every website or application you use and changing them every few months.
Take advantage of two-step authentication for sites that offer them. Two-step authentication requires you to enter a six-digit passcode that is delivered to your mobile phone via SMS on top of your regular login details.