PUBLIC SERVICE MESSAGE
Rather than worry about Heartbleed, here’s what you need to do, so that you care a lot less the next time this happens.
Which will be < 2 years from now, virtually guaranteed… something like this will affect you again.
(1) Download and install a secure password database manager, like PasswordSafe, available for Android and iPhone. Make sure that the implementation of your password safe is reasonably secure, if you want to use one other than this one. That exercise is left to the reader.
(2) Install PasswordSafe on your phone. You can install it on your computer, too. Choose one legitimately hard password to protect the safe.
This part is seriously important… your phone keyboard is annoying, and toggling back and forth between sub-keyboards for special characters is annoying, so do something like this if you’re not the breed of cat who can remember and type complex passwords on annoying keyboard interfaces.
(3) Go through your list of web sites, and take the time to change every password at every site. Store the changed passwords in your Password Safe. There are fields in Password Safe that let you store additional information: URLs, security questions, email accounts associated with that site, etc. It’s awesome.
(3.a) Consider taking the time to create a brand-new email account, which you will only use for site registrations. Don’t use it for anything else. This has two big bonuses: one, if someone hacks your normal email, which you use every day and which is thus more likely to get hacked than anything else, they can’t get any passwords sent to them; two, it cuts down on annoyance emails from web sites getting into your main account.
(4) Set a reminder in Google Calendar, or whatever calendar program you use, for 1 year from now. In a year, change all your passwords again. Do this religiously from now until you die or two-factor authentication becomes pervasive.
This is the requirement for leading even a minimally secure life in the digital age. Think of it as being as enjoyable as renewing your driver’s license, if you want, but just do it already.
(5) Back up a copy of the data file for Password Safe off of your phone. Don’t worry, the file itself is encrypted, so assuming you chose a really good password in step (2), even if you lose the backup file nobody will be able to crack into it.
(6) If you’re using a web site that has any – and I mean ANY – limitations on the types of characters that you can use in your password, or has any limitations on the total upper length of the password, or allows passwords fewer than 8 characters…
Seriously consider dropping that web site. They are doing it wrong.