Heartbleed, the massive OpenSSL security flaw, has led to panic. Major companies scrambled to fix the bug, and in the aftermath, experts are preaching a simple recommendation to nearly all Web users: you should probably change your passwords.

We joined the bandwagon and shared a handy graphic this weekend listing many of the major sites affected. Users reacted to the chart in two ways:

First, readers said, “This is fear mongering.”

Then, some countered with the claim that the graphic wasn’t aggressive enough: “Your password used on any of the affected sites should be changed everywhere.”

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

As a result, we’ve decided to issue a revised infographic.

password-list-VB

Alright, nobody panic. Here’s the deal:

Just about every company and every security expert has said the same thing about passwords for years:

  • You shouldn’t use the same password on every site.
  • You should change them often.

 

Rinse, repeat.

Some security experts say you should wait a bit before changing your passwords. That’s fine, but it’s likely not necessary, as most major Web firms have long issued fixes. If you really want to be careful, you can check to see if a site is still vulnerable to Heartbleed before changing your password on it.

But really, if you just follow the two rules above, you’ll probably be fine.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More