Here is an article from PC World that covers this topic in layman’s terms

http://www.pcworld.com/article/2141602/the-heartbleed-bug-and-you-a-users-guide.html

This is a free tool from LastPass that will help you check websites that you log into

https://lastpass.com/heartbleed/

If the site uses Open SSL — and has not recently regenerated their certificate — changing your password doesn’t mean anything.

If they have regenerated their SSL cert, then go ahead and change your password (user name too if possible).