Worried About the Yahoo Breach? 3 Ways to Protect Yourself
By Kevin Lee / 16 Dec 2016
The recent admission from Yahoo that a billion user accounts had been hacked – including names, email addresses, phone numbers, birthdays, hashed passwords, and even some security questions and answers – was bad news all around. This type of information is in high demand on the dark web. Why? If you use that email address and password for other services, a criminal can use the stolen info to gain access to those services, reset the password – and take over your account.
If you’re a Yahoo user, you’ve probably already gotten an email asking you to change your password (even though the breach happened three years ago). But what else can you do to protect yourself, now and in the future?
Best option: use a password manager
Password managers store all your different logins, so you don’t have to enter them every time. LastPass, Dashlane, and 1Password are three of the best-known solutions for managing multiple passwords. Many of these services are free, but some cost money. However, even if you do have to pay a small fee, just think of it as investing in the long-term health of your online security – kinda like a gym membership, or multivitamins.
Beyond the added security, password managers offer some serious benefits in terms of convenience. No more racking your brain to remember all your various passwords. It’s also much easier to sign in to all your many accounts – less typing!
Second-best option: get two-factor authentication
Two-factor authentication is a security layer that uses two different forms of ID – often a username/password, plus a code sent to your phone. A lot of internet services enable you to sign up for two-factor authentication as an additional layer of security on your account, but anecdotal evidence suggests that adoption remains low.
Two-factor authentication can definitely feel like a hassle, but it’s one of the most secure steps you can take. A hacker will need both pieces of the puzzle to unlock your account, which makes it much, much harder.
If you don’t want to check your phone and complete an extra step every time you’re signing in to an account, you can at least opt in to getting “new login” alerts from your online services. You’ll get an email or text every time someone signs into your account from a new device. This won’t stop your account from being compromised, but you’ll be able to react quickly.
Third-best option: use different passwords for your accounts (or, at least, variations of them)
We’ve all heard this one before, but how many of us do it? Research shows that nearly 3 out of 4 people reuse the same password on multiple sites.
Since it’s annoying – and darn-near impossible – to keep track of distinct passwords for every single site you visit, you can also consider using variations of a single baseline password. Many security experts recommend using a phrase as your password, with special characters subbed in for various letters.
Baseline password: P#ppiesLovetoP1ay%
wellsfargo.com password: P#ppiesLovetoP1ay%WF
Amazon.com password: P#ppiesLovetoP1ay%A
Gmail password: P#ppiesLovetoP1ay%G
The bottom line is that data breaches aren’t going away, so it’s safe to assume your information is going to be compromised at one point or another. To limit the chances of someone using that info to wreak havoc across the web, you should bite the bullet and try one of the security measures listed above.
Kevin is the Trust and Safety Architect at Sift Science. Building high-performing teams and systems to combat malicious behavior is what drives him. Prior to Sift, Kevin worked as a manager at Facebook, Square, and Google in various risk, spam, and trust and safety roles.