Sift Logo Several blue dots forming a sphere to the left of the word Sift in italic font.
  • Products

    Digital Trust & Safety Suite

    Fight fraud without sacrificing growth

    Learn more →

    Passwordless
    Authentication

    Account
    Defense

    Content
    Integrity

    Payment
    Protection

    Dispute
    Management

    Sift
    Connect

    PSD2
    Solution

    New Releases & Enhancements

  • Partners

    Sift Partner
    Program

    Join the leader in Digital Trust & Safety

    Learn more →

    Commerce platform partners


  • Industries

    One solution, many applications

    Learn how Sift can work for your industry

    Learn more →

    Featured industries


    Fintech

    Retail

    Food & Beverage

  • Customers

    See case studies by industry

    Sift works across every use case and region

    Learn more →

    Featured customers


  • Resources

    Explore our resources

    Access trends, guides, and insights from Sift

    Learn more →

    Blog

    Ebooks

    One Pagers

    Demos

    Videos

    Webinars

    Infographics

    Podcasts

    Trust & Safety University

  • Fraud Center
  • Company

    Why leaders choose Sift

    Technology, community, and partnership

    Learn more →

    Our mission: Help everyone trust the internet


    About

    Careers

    News & Press

Request a demo
Products
  • Digital Trust & Safety Suite
  • Passwordless Authentication
  • Account Defense
  • Content Integrity
  • Payment Protection
  • Dispute Management
  • Sift Connect
  • PSD2 Solution
  • New Releases & Enchancements
Why Sift
  • Salesforce
  • Magento
  • Shopify
Industries
  • Fintech
  • Retail
  • Food & Beverage
Customers
Resources
  • Blog
  • Ebooks
  • One Pagers
  • Demos
  • Videos
  • Webinars
  • Infographics
  • Podcasts
  • Trust and Safety University
Fraud Center
About
  • Search Careers
  • Our Company
  • Contact Us
  • Engineering Blog
Request a DemoSign In
  • Blog Home
  • Fraud
< prev / next >
Share this article on LinkedIn
Tweet this article
Share this article on Facebook
SOCIALICON
Share this article via email

Worried About the Yahoo Breach? 3 Ways to Protect Yourself

By Kevin Lee  / 

16 Dec 2016

The recent admission from Yahoo that a billion user accounts had been hacked – including names, email addresses, phone numbers, birthdays, hashed passwords, and even some security questions and answers – was bad news all around. This type of information is in high demand on the dark web. Why? If you use that email address and password for other services, a criminal can use the stolen info to gain access to those services, reset the password – and take over your account.

If you’re a Yahoo user, you’ve probably already gotten an email asking you to change your password (even though the breach happened three years ago). But what else can you do to protect yourself, now and in the future?

Image: Chilanga Cement

Best option: use a password manager

Password managers store all your different logins, so you don’t have to enter them every time. LastPass, Dashlane, and 1Password are three of the best-known solutions for managing multiple passwords. Many of these services are free, but some cost money. However, even if you do have to pay a small fee, just think of it as investing in the long-term health of your online security – kinda like a gym membership, or multivitamins.

Other than the benefit of added security, password managers offer some serious benefits in terms of convenience. No more wracking your brain to remember all your various passwords. It’s also much easier to sign in to all your many accounts –less typing!

Second-best option: get two-factor authentication

Two-factor authentication is a security layer that uses two different forms of ID – often a username/password, plus a code sent to your phone. A lot of internet services enable you to sign up for two-factor authentication as an additional layer of security on your account, but anecdotal evidence suggests that adoption remains low.

Two-factor authentication can definitely feel like a hassle, but it’s one of the most secure steps you can take. A hacker will need both pieces of the puzzle to unlock your account, which makes it much, much harder.

If you don’t want to check your phone and complete an extra step every time you’re signing in to an account, you can at least opt in to getting “new login” emails from your online services. You’ll get an email or text every time someone signs into your account from a new device. Your account will still be compromised, but you’ll be able to react quickly.

Third-best option: use different passwords for your accounts (or, at least, variations of them)

We’ve all heard this one before, but how many of us do it? Research shows that nearly 3 out of 4 people reuse the same password on multiple sites.

Since it’s annoying – and darn-near impossible – to keep track of distinct passwords for every single site you visit, you can also consider using variations of a single baseline password. Many security experts recommend using a phrase as your password, with special characters subbed in for various letters.

For example:

Baseline password: P#ppiesLovetoP1ay%
wellsfargo.com password: P#ppiesLovetoP1ay%WF
Amazon.com password: P#ppiesLovetoP1ay%A
Gmail password: P#ppiesLovetoP1ay%G

The bottom line is that data breaches aren’t going away, so it’s safe to assume your information is going to be compromised at one point or another. To limit the chances of someone using that info to wreak havoc across the web, you should bite the bullet and try one of the security measures listed above.

Related

account takeoverdata breachessecurity

Kevin Lee

Kevin Lee is Vice President of Digital Trust & Safety at Sift. Building high-performing teams and systems to combat malicious behavior are what drive him. Prior to Sift, Kevin worked as a manager at Facebook, Square, and Google in various risk, spam, and trust and safety roles.

  • < prev
  • Blog Home
  • next >
Company
  • About Us
  • Careers
  • Contact Us
  • News & Press
  • Partner with us
  • Blog
Support
  • Help Center
  • Contact Support
  • System Status
  • Trust & Safety University
  • Fraud Management
Developers
  • Overview
  • APIs
  • Client Libraries
  • Integration Guides
  • Tutorials
  • Engineering Blog
Social

Don't miss a thing

Our newsletter delivers industry trends, insights, and more.

You're on the list.

You can unsubscribe at any time. Please see our Website Privacy Notice.

If you are using a screen reader and are having problems using this website, please email support@sift.com for assistance.

© 2022 Sift All Rights Reserved Privacy & Terms

Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course, unsubscribe at any time. Please see our Website Privacy Notice.