How to Protect Your Account After the Yahoo Attack

Yahoo has disclosed that it suffered a massive data breach in 2014 in which the attackers stole the usernames, passwords, telephone numbers, and birth dates of as many as 500 million users. In some cases even the security questions were also stolen. According to the statement released by Yahoo the “state-sponsored” hackers have stolen information from about 500 million users. Such a massive breach would make it the largest publicly disclosed cyber-breach in history. Yahoo has not commented on who is the “state actor” and the purpose behind such a large scale attack. Yahoo has said that it is in the process of notifying the affected users.

We understand that you might be having questions related to the breach. In this article we will try to answer some of the basic questions. For more you can leave your queries in the comment section at the bottom of the page.

How do I get to know if I my details are stolen?

Yahoo has said that it is in the process of notifying all the affected users through email. We recommend you should not wait for the email but straight away change your password.

Should I change my password?

Yes, if you are a Yahoo user you should change your password right away. You should not wait for the communication from Yahoo. You should also change password for all of your email accounts including those that are not on the Yahoo domain. Make sure you create unrelated strong passwords for each email account.

How do I create strong password?

Few things you should always remember before creating a password:

• The longer the password, the harder it is to crack. Make sure your password is atleast 12 characters long.
• Your password should be a mix of numbers,capitalization,special characters,spellings and punctuation.
• You should avoid using simple nouns
• Use replacements for a strong password. It means that you should replace “s” with “$”, “i” with “!”, “for” with “4” and so on.
• Avoid reusing your old passwords.
• Always change your passwords after 3 months.

You can use either of the following methods for creating strong passwords:

a) Breaking the sentence Method: This method is quite simple and many people use it including the professional security experts. All you need to do is take a sentence and then turn it into the password. Let me explain it to you.

Let’s consider a sentence: Yaay! Messi scored a goal

You can rewrite it as : Y@YMe$C$c0@l

b) The Person-Action-Object (PAO) method: It’s quite simple to create passwords using this method and not even people close to you can make a guess. Select a random Person like Michael Phelps, a random object like Mount Everest and a random action like Running. Now link the Person Action and the Object to create a sentence. In this case we can make one such as “Michael Phelps found running a marathon on Mount Everest”. You can further break this passphrase using the “Breaking the Sentence Method” something like “Miphforumeverest”.

c) Using Random Password Generator: There are many random password generator websites which can help you create strong random passwords. The deal with these passwords is that they are so random that it becomes difficult for a person to remember them. All you need to do is create strong passwords using these websites and then store your passwords in a password manager app like LastPass, 1Password etc. These apps will store all your strong passwords.

Once you have created a password you can check its strength at online password checkers like Online Domain Tools. Nowadays almost all web pages provide a measure of strength of your password at the same time when you are creating one. You should always pay heed to that.

Click here to know more about creating strong passwords.

Is my Password enough to secure my account?

No, although strong passwords provide a reliable security cover but they are not enough to make your account 100% secure. To enhance your cyber security you should use two-factor authentication if your service provider is offering that. Almost all financial firms and even email giants like Google and Yahoo provide two-factor authentication in which you receive a One Time Password in real time on your phone before you make any changes to your account. Without entering the One Time Password you won’t be able to make any changes to your account. Thus if any hacker gets to know your password, he can’t make any changes unless he has got a control on your phone as well.

The breach happened in 2014. The hackers had my password for around 2 years. What’s the fun of changing my password now?

You should change your password even if you don’t suspect any changes done by hackers to your account. The breach has affected as many as 500 million users. In such cases, the hackers usually convert these details into hashes (a type of encryption) and upload them online for free or sell them on the dark web. Now other bad actors can get the data and there are chances they crack these hashes. Before someone cracks them and misuses your account it’s better you change your password.

Please leave your queries in the comment section below and we will try to answer them.