What to do now that Heartbleed is forcing you to change all your passwords

Two-thirds of all sites have potentially been bleeding your login and personal information. If you’re like most people, you’ve been using the same email address and password for most sites, so now you’re really screwed. Now seems like a good time to take some steps to protect yourself.

Use More Than One Email Address

I have a longer post that I wrote several years ago (Five Email Addresses), but basically you need an email address for people, for work, for money, for shopping, and then everything else. That way a hacked account on some third-rate site won’t immediately put your bank and credit card accounts at risk.

Use a Password Generator and Keeper

There are a bunch of these, like 1Password and LastPass, that will allow you to generate strong passwords (20+ characters made up of mixed-case letters, numbers, and symbols) and remember them for every single site. You can sync them across multiple computers and devices, so you really don’t have an excuse for using the same weak password for every site.
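What such a generator does under the hood, as an added example (not code from 1Password, LastPass, or this post): it draws 20+ characters from the four classes above using the operating system's secure random source and gives every site its own password. The function names and the `.example` site names are illustrative assumptions.

```python
import math
import secrets
import string

# The four character classes named in the text above.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 20) -> str:
    """Return a random password containing every character class.

    Uses the OS CSPRNG via `secrets` (not `random`, which is predictable).
    Candidates missing a class are discarded and redrawn, so every accepted
    password is uniformly distributed over the valid set.
    """
    if length < 20:
        raise ValueError("use at least 20 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int = 20) -> float:
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


def passwords_for(sites: list[str], length: int = 20) -> dict[str, str]:
    """One independent password per site, so one leak exposes one account."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Constructed site names, for illustration only.
    for site, pw in passwords_for(["bank.example", "shop.example"]).items():
        print(f"{site}: {pw}")
    print(f"~{entropy_bits():.0f} bits per password")
```

A password keeper adds encrypted storage and syncing on top of this, so you never have to memorize or retype the output.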

Start changing your passwords, but judiciously

Since the news broke, a number of sites have already patched the vulnerability; others were never at risk from this particular hole. Still, there may be sites out there that have not been patched yet. Changing your password on any of them would still leave your account vulnerable, because the new password can leak the same way the old one did. Check to see if your favorite sites are on Mashable’s hit list or test them yourself at http://filippo.io/Heartbleed/.