The Heartbleed Hit List: The Passwords You Need to Change Right Now Here's a bare-minimum list of the passwords you should change in the wake of the heartbleed bug. If you have an account on any of these sites, and don't change your password in the near future, you're leaving leaving yourself unnecessarily unprotected. It's an annoying faff, I know (I've just spent the last hour doing it.), but it needs doing. And a semi-regular reminder: you should be using a password manager. No 2 sites you log in to should have the same password, and no password you have should be less that about 20 random numbers and letters. Basically, if you can remember it and type it yourself, your password is probably not secure enough.