That's one reason why changing your password before a site is patched could actually be worse than doing nothing, especially now that Heartbleed is public knowledge.
Security flaws like this are also a good time for some reminders about how best to secure your online accounts.
You should really be using two-factor authentication for all your accounts that offer it. Two-factor authentication requires you to enter an extra code before accessing your online accounts. The code is typically generated by a smartphone app or keychain dongle, but you can also receive codes to your phone via SMS.
This extra step requires attackers to know how to generate your two-factor authentication code before they can login to your account. In the case of Heartbleed, two-factor authentication may not have been as useful a defense, but in general this extra step helps keep your account safer than it was.
Use a password manager
Now's a good time to start using a password manager especially if you're going to be changing some user logins over the next few days. A password manager makes it easy to generate randomized passwords using a combination of letters, numbers, and special characters. It also relieves you of having to memorize every one of those overly complex codes.
Password managers often come with other features as well such as secure notes, and autofill for online forms.
There are many options out there for password managers, but some of our favorites include LastPass, Dashlane, and KeePass. LastPass recently said in a blog post that it was using the version of OpenSSL affected by Heartbleed; however, because the service encrypts your data before transmitting it online, the company says its users were not at risk of having their data exposed to the bad guys.
Heartbleed is certainly a nasty little bug that needs to be taken seriously. But considering it's been in the wild for more than two years, there's not much a user can do now except wait patiently for affected sites to patch their servers before changing any passwords.
Once those sites are patched, however, you'll want to change your password as soon as possible.
Sign up for CIO Asia eNewsletters.