
3 reasons the Yahoo hack does affect you, actually

When was the last time your mum changed her maiden name?

By Jessica Rose September 26, 2016

You’ve probably already heard that Yahoo suffered a massive data breach in which hackers accessed passwords and personal information for 500 million users back in late 2014. But 2014 was ages ago. And you haven’t used a Yahoo account in years (who has?!). So why should you care about hacks like this? Here are 3 very good reasons.

1. We’re all reusing passwords

Hopefully you already know that it’s a terrible idea to reuse passwords across sites or services. While we geeks get that we shouldn’t be using the same password across multiple services, almost all of us are doing it anyway.

Here’s security expert Dr Jessica Barker to remind you why that’s bad:

“If your Yahoo password is cracked and you’ve used it for other accounts, those accounts can be accessed too. My research suggests that at least 62% of people in the UK use the same password for more than one account, so this is a real problem.”

Think long and hard about the passwords you’ve used over the years. If you were using the same passwords across multiple sites back in 2014, this breach has put you at risk. Even if not, if you’re reusing passwords anywhere, it’s time to invest in a good password manager.

2. Security questions are the passwords you never change

Even if you’re one of the clever people who has a unique password for each site or service, the security questions designed to help us when we forget those passwords can put you at risk. While you’ve been changing your passwords, your mother’s maiden name hasn’t changed. And Mr. Business remains your first pet.

Image: © Creative Commons by Victor Vizu via Wikimedia Commons

“It’s Mr Jim Business, you need to use his full name!”

When hacks like this one expose security question data, it can put any account that uses the same security questions at risk. While the process to change your password is usually visible and easy to complete on most sites, changing your security questions may not be as simple. If there’s no obvious way to change your settings, contact the service to see if they’ll help you. [Ed: and if they won’t, Twitter-shame them! Security is important!]

You don’t have to (and probably shouldn’t) set your answers to security questions to something true. For added safety, use a password manager to save a unique answer for each site. Why yes, my mother’s maiden name was “W7dlnsgkl^/,” why do you ask?

3. Abandoned accounts are filled with personal data

You haven’t thought about your old Yahoo mail account in years. But did you delete it? Abandoned accounts that haven’t been deleted or deactivated live on, and the information they contain is exposed both to direct attacks on the service provider and to anyone who obtains a security question or shared password from an attack on another provider.

Financial details, information about your property, emails from old breakups, embarrassing photos from your emo phase – these old accounts can hold information that can be valuable for hackers and damaging or humiliating for you. You can manage these risks by deleting or deactivating accounts you no longer use. Even if you can’t think of anything that might be dangerous in that old Yahoo account you had, it’s probably a good time to send all those potential security issues off to live on a farm in the country.

Want to know more about password security? Check out LastPass’s top 5 tips.


Main image: Pexels