
Yahoo Hacked And How To Protect Your Passwords

Jan 31 2014, 5:30am CST | by


Yahoo yesterday announced that Yahoo Mail has been hacked and that it has so far confirmed that a number of users' e-mail accounts have been compromised – you may be one of them (and if you are, see below for my top tips on how to secure your passwords going forward). It is not clear how many users have been compromised, or exactly how. Yahoo don’t have a history of providing much information, but it would be prudent for any Yahoo Mail users to take precautions (more on that below). Between the vague statements about malicious code and “a third party was probably to blame”, Yahoo has been resetting the credentials of affected users via e-mail and SMS if your mobile is on file, which I suppose is a step in the right direction. Whilst details are scarce at this time, this continues a trend of bad security and resilience news for Yahoo, who experienced a multitude of issues in 2013.

More broadly, the last couple of years have seen a significant spike in the theft of passwords (or their hashed or encrypted representations) from online services as cyber criminals moved beyond financial information as their sole form of profit. Whilst we all wait with bated breath (perhaps pointlessly) for further details of the compromise, now would be a very good time to upgrade your password. Many providers are well behind the times on password security, but at least you can take steps to minimise the risks. Here are a few tips on how to do it:

  1. Avoid using the same password across multiple sites and services. That way, if Yahoo credentials are breached, hackers won’t be able to jump across into your Twitter, online banking, work accounts or the like. I know this presents a memory challenge for some users, but see the tip on password managers below.
  2. Choose a password which is not easy to guess. Words with a dictionary root followed by numerals are very common choices, and cyber criminals can use such predictable patterns to crack your password very fast. Passwords should be long, phrase based and involve a balance of different types of characters – numbers, letters, capitals and ideally a few symbols. See my fabulous example below.
  3. Set up password change/reset mechanisms properly – not obviously. Password reset forms on many services ask questions like “Where did you go to school?” or “In which year were you born?”. These questions are easy to answer and can typically be mined from social media pages or the Internet. Why would hackers guess your password if they can just tell a system where you went to school and how old you are (you did after all announce your birthday last year on Twitter and your age, didn’t you?). Instead I suggest lying on the Internet. Come up with a scheme of answers to these questions that you won’t forget (or store securely) or, better still, if the service allows, specify your own difficult questions.
  4. Bigger = better! When passwords are stolen from providers they are typically in a hashed or encrypted form, a bit like this: '5f4dcc3b5aa765d61d8327deb882cf99'. This is a hashed password representation, and using clever techniques and computing power attackers can recover the original password and log in to your account. When they steal these hashes it is only a matter of time and effort until they reveal the original. Short passwords might be guessed in seconds to minutes or hours (it depends on the implementation), whereas very long passwords could take years of work (and the cyber criminals are likely to go after someone else). Therefore making your password 60 characters makes life much harder for the cyber criminals if they do manage to break into a service like Yahoo. This of course all assumes the provider isn’t just storing your password in clear text – in which case you will be very glad of tip number 1!
  5. Use a password manager. Password managers generate strong unique passwords for each of your services and then store them in an encrypted database which you can unlock with one good master password. It is a reasonable compromise for those who do not have an amazing memory but don’t want to fall into the pitfall of repeating similar passwords across multiple sites. See below for more information on how this works.
  6. Register with a breach monitoring service. There are a variety of services on the Internet now which monitor for visible lists of stolen usernames/passwords. Of course, not all breaches are visible, so it is far from a complete list. That said, if your username shows up, the service will e-mail you a notification and tell you it is time to change.

Despite numerous proposals of authentication mechanisms to replace the password, it is still the cheapest, easiest-to-deploy and most ubiquitous form of authentication in use. So we should all take some steps to make sure we are using passwords properly. A good password manager allows you to generate secure passwords for each of your sites and avoid duplication. Luckily you don’t have to type these beastly long passwords out; the tools do that for you. Here is an example of a password recipe for a new password:

You can specify the length of the password (some providers don’t allow unlimited length but arbitrarily restrict you to say 16 characters, e.g. Microsoft 365 exchange. Grumble grumble.) and the make-up of symbols and numbers. You can even make it pronounceable for a situation where you might have to actually read the password out (though I don’t recommend this for obvious reasons). Each time you click the button you get a nice new secure password, which the password manager automatically associates with the website in question so that you can log in automatically each time while remembering just the one secure password you specify. Not all password managers are created equal, so it is worth shopping around a little before you commit, but these tools can take the average user's password security from poor to really rather good in an afternoon password-changing party. Lastly, it is important you keep a backup of the encrypted password database (losing all your passwords in one place would be painful) and you may want to think twice about putting the keys to your whole life in there – my banking details, for example, would not be in this application. So why not make something good from another password breach and share these tips with your friends, family and colleagues? I await with bated breath news from a reader that they’ve successfully made all their passwords over 128 characters.
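The recipe idea above and the "bigger = better" point from tip 4, sketched in Python as an added example (not code from the original article or from any particular password manager). The symbol set and the guess rate of 10 billion per second are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

SYMBOLS = "!#$%&*+-=?@^_"   # assumed symbol set; sites differ in what they accept
PAGE_HASH = "5f4dcc3b5aa765d61d8327deb882cf99"   # sample hash quoted in tip 4


def generate(length=60, digits=4, symbols=4):
    """Build a password from a recipe: total length plus minimum digit/symbol counts."""
    if digits + symbols + 2 > length:
        raise ValueError("recipe needs more characters than the length allows")
    rng = secrets.SystemRandom()   # OS CSPRNG, not the predictable `random` module
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    chars = [secrets.choice(string.digits) for _ in range(digits)]
    chars += [secrets.choice(SYMBOLS) for _ in range(symbols)]
    chars += [secrets.choice(string.ascii_lowercase),
              secrets.choice(string.ascii_uppercase)]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    rng.shuffle(chars)             # hide which positions were forced by the recipe
    return "".join(chars)


def entropy_bits(length, alphabet_size):
    """Upper bound on guessing work for a uniformly random password."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at the given (assumed) guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def matches_unsalted_md5(candidate, digest_hex):
    """True if digest_hex is the plain MD5 of candidate (no salt, no stretching)."""
    return hashlib.md5(candidate.encode()).hexdigest() == digest_hex


if __name__ == "__main__":
    size = len(string.ascii_letters + string.digits + SYMBOLS)   # 75 characters
    print(generate())
    for n in (8, 16, 60):
        bits = entropy_bits(n, size)
        print(n, round(bits), f"{years_to_exhaust(bits, 1e10):.3g} years")
    # The article's sample hash is the unsalted MD5 of a dictionary word.
    print(matches_unsalted_md5("password", PAGE_HASH))
```

The last line shows why tip 2 matters as much as tip 4: the sample hash corresponds to a single common word, so length only helps when the characters are chosen at random.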

Follow me on Twitter @jameslyne

Source: Forbes
