What The Yahoo! Compromise Teaches About Password Hygiene

By now, you have likely heard that Yahoo! confirmed 500 million accounts were stolen from the company in 2014, exposing names, email addresses, personal records and more. While we wait for the FBI to find out who is behind this massive breach, it is an important reminder of how necessary a secure password is, why password security continues to be a problem, and what we can do to reduce our chances of being on cybercriminals’ target list.

Password reuse is a human problem. Remembering a new, secure password for every login we have can be difficult. With the rise in breaches, the minimum character count for a secure password continues to rise (depending on the source, it should be between 12 and 16 random characters). So it makes sense that we continue to reuse passwords built on easy-to-remember, non-secure details such as our birthdate or sequential numbers. Additionally, the rise in mobile technology has trained us to create and use bad passwords, because typing long passwords into a phone is a pain.

Two recent technologies are taking the pain out of passwords: Apple’s Touch ID and password managers. Touch ID is available on many mobile banking applications and the popular payment sharing platform Venmo. Logging in to apps that support it is nearly seamless and – most importantly – seems to be secure, with no widespread hacks yet. Password managers are an effective tool because they take the hassle out of creating and storing secure passwords. Most password managers support some sort of sync, so wherever you are, you have your passwords with you.

The Yahoo! compromise has surely exacerbated the password reuse problem for lots of users. The silver lining is that the breach happened in 2014, so many of the stolen passwords are a little stale by now. However, not all users change their passwords frequently, and many online services do not enforce password expiration. While any big data breach is scary, it is a good opportunity to review all your current passwords to make sure nothing is being reused. Additionally, it is useful to check in with your friends and family to remind them about the importance of password security, as they could be sharing your personal information unsafely and unknowingly. Remember, the more people are aware of password security, the fewer chances hackers have to use our personal information to their advantage.

Here are a few quick steps to follow to get your passwords in order:

  1. Use a password manager. There are several good ones out there. I have had experience with 1Password, KeePass, LastPass and others. They are easy to use and worth the small amount of work it takes to get them set up.
  2. Enable two-factor authentication on services that support it. At a minimum enable two-factor on your email (e.g. Gmail, Hotmail, Yahoo, etc.).
  3. Ensure your computer, phone and all software are up to date and that you are running current anti-virus software.
  4. Do not click on suspicious emails from unknown senders.
  5. Make sure to log out from all your accounts after using someone else’s computer.
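
Once your logins are in a password manager, the review for reused passwords described above can be automated. The following is an added example, not part of the original article: it assumes a CSV export with hypothetical `name`, `username` and `password` columns (not any specific product's format) and runs on constructed sample data.

```python
import csv
import hashlib
import io
from collections import defaultdict

MIN_LENGTH = 12  # lower bound of the 12 to 16 character range cited in the article

# Constructed sample export; the column names are an assumption for this example.
SAMPLE_EXPORT = """name,username,password
Yahoo Mail,alice@example.com,Summer1985
Bank,alice,Summer1985
Forum,alice85,Summer1985
Gmail,alice@example.com,q7#Lm2!vRz0pXe4w
Shop,alice,12345678
"""


def audit(export_file):
    """Return (reused, short): groups of entries that share one password,
    and entries whose password is shorter than MIN_LENGTH."""
    by_password = defaultdict(list)
    short = []
    for row in csv.DictReader(export_file):
        password = row["password"]
        if not password:
            continue
        # Group on a digest so plaintext passwords are never stored as keys or printed.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_password[digest].append(row["name"])
        # Length only; this does not measure how random the password is.
        if len(password) < MIN_LENGTH:
            short.append(row["name"])
    reused = sorted(sorted(names) for names in by_password.values() if len(names) > 1)
    return reused, sorted(short)


if __name__ == "__main__":
    reused, short = audit(io.StringIO(SAMPLE_EXPORT))
    for group in reused:
        print("Same password used on:", ", ".join(group))
    for name in short:
        print(f"Shorter than {MIN_LENGTH} characters:", name)
```

An export file holds every password in plaintext, so delete it securely as soon as the audit is done.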

The Yahoo! breach – and other breaking news – will probably be referenced many times during Cyber Security Awareness Month, so be sure to keep an eye on the news for other security best practices to help keep your information secure.