Heartbleed: Two steps to protect your information

Heartbleed is a security flaw that's plaguing as much as two-thirds of the Internet, including many popular sites like Yahoo and GitHub. On sites affected by Heartbleed, user accounts are vulnerable -- your username, password, credit card number, and other private information may be exposed. Companies are scrambling to patch their sites.

But don't sit around waiting for a fix. Take these two defensive steps (and one more if you have an Android device):

1. Check whether your most-visited sites are vulnerable

CNET has already checked the top 100 sites to see if they have Heartbleed patches, so visit that page first. For sites not on the list, use the following tools:

Filippo Valsorda's Heartbleed test

LastPass Heartbleed checker

2. Change your passwords when the sites are safe

If you've confirmed that a site has been hit by Heartbleed, don't rush to update your password. Wait for an announcement that the site has been patched. Then we recommend changing your password.

As always, it's a good idea to have a different password for every account. To keep track of all those logins, try a password manager. LastPass's mobile apps include Heartbleed scans, but you must have a paid Premium account to use them.

Windows

1Password
Dashlane
KeePass Password Safe
LastPass
RoboForm

Mac

1Password for Mac
Dashlane for Mac
LastPass for Safari

iOS

Dashlane for iOS
LastPass for iOS

Android

KeePass2Android Password Safe
LastPass for Android

Check your Android devices

Android phones and tablets may also be affected by Heartbleed if they're running an older version of the Android OS, 4.1.1. Lookout just released a free app that scans your phone or tablet and reports on whether it's vulnerable. The scan is just a diagnostic, not a fix, but at least you'll know if your mobile devices are at risk.

Heartbleed Detector for Android