Today Yahoo announced that over 500 Million (bling) user accounts were compromised. If you are or were a Yahoo users from 2014 or prior, your information was likely stolen. This information likely included your username, encrypted password, possibly your email address and telephone number, and your challenge/response questions. Ah yes, challenge response questions…the same ones you may have picked for use on other important websites (think bank). It is possible, even likely, that someone could use the challenge/response information from yahoo to reset your password on other websites and obtain access under your name. SO, what should you right now?!
- Change your password(s)!
On Yahoo, and any other web site that you may have a similar or same password. Enough said. Consider using a password manager such as Dashlane.
- Change your challenge/response questions on all of your important web sites.
Most websites offer challenge/response questions to help users reset their passwords in a more secure manner. At a minimum, you should login to your bank, online brokerage, health insurance company, 401k provider, etc. websites change the challenge question and corresponding response. At a minimum, change the response if you are unable to change the challenge question.
- Disable your challenge/response questions on Yahoo.
Yahoo now offers (and even suggests) that users disable the challenge/response feature on their Yahoo account. Disable this feature! It is no longer secure for most users.
- Enable 2-Step Verification on Yahoo (and any other site that offers the service).
2-Step verification is fast becoming standard on most websites, and you should use it! Typically 2-Step verification requires something you have and something you know. For example, the web site might send an SMS (text) message with a one-time-use code to your phone to validate that you are in fact the correct user for the account you are trying to access. 2-Step can be slightly less convenient than 1 Step (password only) authentication, but it is well worth the extra step to secure your account.
The data breach at Yahoo may be one of the largest intrusions in history, but it will not be the last. Following the above steps should help to reduce the risks you will face from the Yahoo hack as well as other hacks that are yet to be revealed.