Unless you've been living under a rock you have no doubt heard about the Heartbleed Bug. Basically it's a bug (a glitch) in the encryption used by many big companies such as Facebook and Dropbox. No doubt you do use some of the companies who may have been afffected or at risk. That means we all need to change our passwords once a site has given the thumbs up that they've patched the security risk.
To make your life easier, here is a link to Mashable's list of sites that have recommended user passwords be changed. It is updated daily so check it often to see if new sites have been added. If you do not live in the United States you won't find the list of banks and government sites much help.
For those you will have to visit your country's specific bank and government agency sites to see if you need to take precautions.
When you go to change your password, please create a strong password. It should be a mix of characters, numbers and letters and it should be random. Don't use your pet's name or your child's date of birth. Don't use your mother's maiden name. Don't use a recognizable sentence or phrase such as "thecheshirecat" or "thequickbrownfoxjumpedoverthelazydog" Even changing some of the letters such as a and e to characters is useless against the amazing fast tools hackers have to crack passwords.
Here's a list of the top 500 worst passwords. Make sure your password isn't on this list!
And please do not use the "trick" of creating a base password and altering it slightly for different websites. That's not a good idea even though many are touting it as a way to remember all the passwords we need to keep. Because of course you are not using the same password for every site, are you? I hope not! You must have a unique password for each site or you are at risk. If you use one password for all, and then Site A is hacked the hacker now has access to all sites you frequent.
If like me you have dozens of passwords for all the services you use, you must either use a password Manager such as Dashlane or LastPass, or you must write them down and keep them in a secure (preferably locked) spot in your home. Obviously I can't share specific secrets with you of the ways I manage or store my passwords but I can tell you that for the dozen passwords I must take with me on the road, I use a code to disguise the actual password. In other words, the password is there but the name of the site to which it refers is not noted in any way a person would understand. As well the actual password is coded so that only I know what certain letters and characters mean. Some mean I remove them from the password. Some mean I capitalize the letter. Some mean I substitute a specific character.
Yep I know, it sounds like a spy novel. But my motto is "Better Safe than Sorry". With all the hacking going on these days and with the incredibly fast ways hackers have to break passwords, I take no chances.
Don't wait. Change your passwords when each site has fixed or patched the security flaw.