How to Protect Yourself After the Yahoo Breach

Do you have a Yahoo email account? What about your spouse or your kids? Then take notice, folks: There’s a really good chance that at least one of you has been compromised.

...

Yahoo has just announced that more than a billion account have been hacked. If everyone on Earth had a Yahoo account, then that would mean about one in every 6 people have lost their credentials to a hacker. As they used to say in college, look to your left and your right. One of those people was probably hacked.

And it gets worse: This hack didn’t happen last week or even last month. It was back in 2013, so you have been compromised for a very long time.

What did the hackers get?

Hackers got usernames, emails, passwords, and even the answers to your security questions (you know, like, “What’s the name of your first pet?”).

What’s the danger?

Not only does that obviously give hackers the ability to access your Yahoo email, but also it lets them into other Yahoo services that use the same credentials. Like the popular photo sharing site Flickr.

What can you do about it?

Sure, the barn door was left open around the same time that Prince William and Kate Middleton had a baby, but you can still take steps to protect yourself.

Change your Yahoo password. Whether or not Yahoo has informed you that your credentials have been compromised, change your Yahoo password right away.

...

Some security experts suggest changing all of your passwords once or twice a year as a mitigation against undisclosed or undiscovered security hacks (like this one, in fact). That might take more time than you’re willing to invest in online security, but definitely chnage your Yahoo password. Now.

Disable your Yahoo security questions. Those were compromised as well, and Yahoo lets you disable them in the Account Security tab of the Account Info link.

Use different passwords everywhere. Are you one of those people who re-use the same password at multiple sites so you only need to remeber one? This Yahoo breach is exactly why you shouldn’t; hackers can take your email address and known Yahoo password and try it at Amazon, major banking sites, and elsewhere to see if they get lucky. Use a unique password at every site you use. Period. If you are currently re-using passwords, change them now so you have a different one at every important site you frequent.

Use a password manager. Programs like Lastpass and Dashlane store all your passwords behind one master password, so you only need to remember one code to get into every site you own.

...

That might sound unsecure, but the technology used by these sites makes them more or less unhackable (for all intents and purposes). You are much better off using 100 unique passwords at every site you frequent and relying on Lastpass or Dashlane for entry than by relying some home-brewed security hack you cooked up yourself.

Turn on two-factor authentication. For any sites and services that support two-factor authentication, enable the feature. That way, if a hacker tries to take over your account, they'll be blocked becuase they need access to your mobile phone to enter a one-time code. It's a smart precaution to take for your most critical and important accounts.

Lie in your security questions. So, hackers might have your security answers—which means they might know your dog’s name is Fido, and use that to recover your banking password at another site. The fix? Don’t truthfully answer security questions, and use different answers at every site. You can store your made-up responses in a secure note in your password manager just in case you ever need to use them.

Trash email you don't need. If you tend to keep all your old email, great, That makes them easy to find. If you tend to keep all your old email, that's a problem--hackers can browse them looking for information that'll make it easier to crack other accounts (like your bank) or get other confidential information. As a general rule, permamently delete email you don't need from online email services like Yahoo, just in case.