Yahoo hack highlights the need for strong passwords and reset old ones

Yahoo has been hacked - again. News that the struggling internet company was breached back in 2013, and the personal information of more than one billion of its users was stolen, should serve as a reminder that everyone’s email and personal information is vulnerable to hacking.

Safeguards you can take include creating strong passwords and changing them when you have to. Yes, all this is a pain, and it’s not your fault that the tech industry hasn’t been able to stem the rise in security breaches. But if you do nothing, you could be putting your personal or financial information - or even your identity - at risk.

What’s a good password?

The more complicated and lengthy a password is, the harder it will be for hackers to guess.

Don’t include your kids’ names, birthdays or references to any other personal details. Hackers routinely troll Facebook and Twitter for clues to passwords like these. Obvious and default passwords such as “Password123” are also bad, as are words commonly found in dictionaries, as these are used in programs hackers have to automate guesses.

More from News & Analysis

What is the US HIRE Bill and why is India’s $250-billion IT sector worried? Is the internet dead? What's this theory that OpenAI's Sam Altman says might be true?

Long and random combinations of letters, numbers and other characters work best. Your password reset questions should be as unique as possible too, and don’t be tempted to recycle those either. This was some of the information stolen in the Yahoo hack. And with the help of social media, it’s not hard for hackers to find those little personal tidbits like what your mother’s maiden name is, or the name of your hometown.

Is it ok to reuse passwords?

No. Avoid using the same password for multiple sites, so that a break of your school’s PTA site wouldn’t lead hackers to your online banking account. You can make things easier on yourself by using a password-manager service such as LastPass or DashLane. They remember complex passwords for you - but you have to trust them. Last year, LastPass disclosed “suspicious activity” and told users to change their master passwords.

Some web browsers such as Apple’s Safari and Google’s Chrome also have built-in password managers. They work if you switch devices but not if you switch browsers.

Should I change my password?

While some security experts argue that it’s more important to pick a complicated password than to change them frequently, if you haven’t changed your Yahoo password since 2013 do it now.

And even if you have changed your Yahoo password in the last three years, you might want to do it anyway. Breaches are often worse than they first appear. LinkedIn disclosed earlier this year that a 2012 breach affected 117 million accounts- not the 6.5 million previously thought.

What more can I do?

Multi-factor identification - which asks users to enter a second form of identification, such as a code texted to their phone - will provide additional protections. It’s now commonplace for many email and social media accounts. Even if hackers manage to get your password they still need your phone with the texted code.

Should some accounts be trashed?

Delete or deactivate accounts you no longer use. Has your Yahoo email account been filled with spam since before the invention of smartphones? Maybe it’s time to say goodbye. That goes for social media too, (remember Myspace?). This often can be done through your account settings - as long as you still have your password to sign in.

What about social media security?

And while we’re on the subject of social media, make sure you restrict posts to just your actual friends. You can adjust that in the settings. Some companies try to help their users with this. Facebook, for example, occasionally prompts its users to review who can see their personal information and how strong their security settings are.

Nonetheless, assume that everyone everywhere can see what you’re posting. That’ll keep hackers from harvesting those juicy details they can use to crack into your accounts.

Associated Press