It is hard to know which is more alarming – that a security breach can affect more than 500 million people, or that it has taken nearly two years for the public to be informed of such an incursion. Yahoo’s major data breach is but the latest to hit the headlines. It might be somewhat reassuring to read that financial details like credit card and bank account data were not breached, and that encrypted passwords were not stolen, but let’s not forget that the leaks did include some users’ security questions and answers along with addresses, phone numbers and birthdates.
If you haven’t already taken steps to reinforce your personal security measures, now is the time.
- Change your Yahoo password. If you haven’t been a Yahoo user for a while, don’t assume you are home free. If you’ve ever had a Yahoo password, get online and find the old one, replace it and opt for the two-step option even if you are planning to close the account immediately.
- If you are still using the same passwords for multiple sites, get busy replacing them with different ones. If you have any that are similar to your Yahoo password, change them. Avoid anything that might be gleaned from your publicly available data (significant dates, locations, etc.) or might be guessed from your social media. Your passwords should be so random that you need a password manager to remember them. Find one and make use of it.
- Password management programs have come a long way since the first ones entered the scene. The early versions stored your passwords in an encrypted vault. Today’s options allow you a variety of real-time options, which include syncing passwords and the ability to change online passwords with one click. If a password manager seemed as if it might be as onerous as tracking your passwords in notepads, it’s time to check out the latest generation in password safeguards.
- Whenever you have the option of using two-step authentication, take it. This method generates a unique login every time you access your account. And, yes, you will be relying on your smart phone to do this, which is sometimes rather inconvenient. Remember, it will never be as inconvenient or devastating as scrambling to protect your assets if a cyber thief accesses your account.
- Security questions and answers don’t always provide the added security we might hope they would bring. Avoid anything that might prove simpler for crooks to uncover. Consider how easy it might be to find your mother’s maiden name or the town where you were born when public records can be accessed and checked at super-speed on the internet. Think, too, of all the personal data we happily share on social media.
- Because cyber-security essentially remains a reactive business (solutions are developed in response to actual threats rather than in anticipation of them) we don’t have the luxury of letting our guard down. The best defense against cyber-crooks is vigilance. Always be suspicious of unusual emails from financial institutions or requests for you to update your personal data. Similarly, be very suspicious of unsolicited phone calls from makers of your computer, its operating system or software manufacturers with news of patches or security updates.
Although the response to hackers is in the hands of corporate computer security experts and cyber law enforcement, as individual consumers we all can try to minimize our chances of being easy targets.