You should change your passwords for sites affected by the bug. By Lisa Gerstner, Contributing Editor From Kiplinger's Personal Finance, July 2014 Are you inoculated against the Heartbleed bug? When a flaw in encryption software made national headlines in April, the major Web sites affected (among them Facebook, Google and Yahoo) quickly moved to fix the problem. But user names, passwords and credit card numbers on hundreds of thousands of Web sites were vulnerable for about two years, even when they displayed a closed-padlock icon. The advice for you: Change your password for any site affected by the bug, especially if the password you used on the site is the same one you use to log in to, say, a credit card account.See Also: 6 Ways You Invite Hackers to Steal Your Personal Information Most major financial institutions said that Heartbleed had not penetrated their Web sites because they do not use the affected software. If you don’t know whether Heartbleed hit your institution, call to check whether your data could have been compromised. Even if an institution claims that you’re in the clear, change your account password. For sites that carry your sensitive personal information, including your e-mail and financial accounts, you should always create unique passwords. You can generate new passwords with the tool at www.lastpass.com/generatepassword.php. You can add a layer of protection by using two-factor authentication. With Gmail, for example, you can arrange it so that if anyone tries to access your account from a PC that you’ve never used to log in, that person will have to enter your password and a code that Google sends to your mobile phone. Don’t forget to protect mobile devices, too. Android phones running Jelly Bean (4.1.1) have the Heartbleed bug, and you must update the software. Download and run the McAfee Heartbleed Detector app to see whether your phone or any apps are affected.