https://github.com/blog/1818-security-heartbleed-vulnerability They recommend not only changing your password and enabling two-factor authentication but also replacing your ssh keys. I’ll add that if you’ve used a github ssh key anywhere else you should replace it there as well — and use a different key this time. Regards, John Ralls