Every single Yahoo account on the planet was hacked in 2013, Yahoo said earlier today. This comes as a shock, because the original revelation earlier this year was that only 1 billion accounts were compromised four years ago. The new announcement is a bullet in every Yahoo user’s leg, because believe it or not, your account has been accessible to hackers all this time.
The implications for Yahoo are a growing number of consumer class-action lawsuits, which had reached 41 counts by May 2017, according to a company filing earlier this year.
So what’s the first step you need to take to protect your account? Change your password, of course. But you already know you need to do that on a regular basis, so how else can you protect your account from being accessed by hackers?
The next step is to remove that password from every other account that you’ve used it for, not just Yahoo properties.
Once you’ve done that, we recommend that you unlink your mobile apps from your Yahoo account and then re-link them with more secure passwords. Hackers are focusing on mobile devices now more than ever, and this move should ideally protect you from future attacks.
We also recommend that you use a secure and reputed password manager. There are several free options for desktop as well as mobile, and premium versions are plentiful as well.
Most online services today allow two-factor authentication, so you should turn that on for your Yahoo and other online accounts.
What is Two-Factor Authentication?
Two-factor authentication, also known as TFA or 2FA, is a security layer that uses not only a password, but a specific piece of information known only to the user. For example, when a site sends a one-time password (OTP) after you login with your password, or requests you to enter your mother’s maiden name or the city of your birth, that’s two-factor authentication. It could also be something like a randomly generated PIN or any other “security token” that can be used to authenticate the user. This is part of what is known as multi-factor authentication, and it adds an extra layer of security for the user.
You’ve actually been using TFA for a long time, whether you realize it or not. Your credit card’s CVS number, the PIN for your ATM card, extra authentication for online purchases and so on. All these are two-factor authentication systems that have been in use for years.
So, the next time a site or service ask you to activate two-factor authentication, do it.
Nobody can tell you if your account details were ever used by hackers for anything. For all you know, nothing has been done so far. On the other hand, they might be sitting in some database somewhere, waiting to be abused.
Irrespective of what has or hasn’t been done, you need to protect yourself online, starting right now.
