So the logical next step, beyond perhaps avoiding going online until all your favorite sites have addressed the vulnerability, is to change the passwords you use for those sites. This is also a good time for a general refresher in password hygiene.
Safety in numbers. If you're using a single password across multiple sites, you might want to diversify. The more passwords you have, the harder it will be for an attacker to use one set of credentials to compromise your entire digital life.
What kinds of passwords should I use? There are different ways to pick a password. Multiword phrases can provide good security. You can also select a string of alphanumeric characters — the longer the better. But above all, here's a good rule to keep in mind: The best passwords are ones that you can't remember yourself and that can't therefore be guessed by another human.
How to keep track of your passwords. By this point you should have a good idea of how many sites you use and how many different passwords you'll need to change. The number might feel overwhelming. How will you keep track of them all, especially if each one needs to be unique?
This is where a good password manager comes in. Two great examples are LastPass — which uses the vulnerable protocol OpenSSL but, the developers say, is protected from Heartbleed — and 1Password. Both are password "lockers" created to contain all of your different passwords. To access any of them, you have to enter one, single master password. While that might sound like a big, single point of failure, so long as you choose a strong master password, you'll enjoy more security than using a single weak password for multiple sites, or many weak passwords across many sites.
Update: In a blog post, LastPass now says it supports an automatic check to determine which of your passwords may need changing as a result of Heartbleed.