Security experts are bracing for the impact of Heartbleed. It’s going to be painful for both companies and users alike. No one knows for sure how much data was compromised. The list of potential sites affected is long and distinguished. Any site using OpenSSL is vulnerable. Some security experts are saying to wait before changing passwords until security admins have patched their servers. You don’t want to change passwords twice. Like it or not, we may be forced to change passwords sooner than we think.