Have You Acted After the Biggest Hack Ever?

Last week, the tech company Yahoo confirmed that more than 500 million user accounts were hacked in 2014; one of the biggest data breaches ever.

Real names, e-mail addresses, telephone numbers, dates of birth, security questions, and passwords were all compromised, so not only is your Yahoo e-mail account at risk, so is any other account where you reused usernames or passwords.

One estimate from the Security Research department at the University of Cambridge puts password reuse as high as 49%. That means when a hacker scores a password they can use the same password to gain access to other accounts about half the time.

A more extreme survey conducted by mobile-identity company TeleSign showed that nearly 75% of folks use the same passwords and many haven’t changed their passwords in five years or more. Nearly a quarter of people still use passwords that are more than 10 years old. That’s a lot of time to have a password hacked.

And once hackers have a single password, they can potentially use that one account to obtain access to many more of your e-mail accounts, social media accounts, or even your banking and financial details.

You could also see an increase in “phishing e-mails” that try to get you to click on a link that asks for personal information, credit-card numbers, or to log in before viewing a document.

Here’s a few things that you can do to make sure you stay safe:

Close old accounts. One problem with the Yahoo hack is that it took more than two years for the company to discover that it had been hacked. And it’s only notifying you that your personal information was leaked if you log in to your account.

If your Yahoo account was an old one that you no longer regularly use, you may not even realize that there was a breach – or that any accounts for which you used the same password are now at risk.

Change your passwords, and use better ones. The longer your password, the more you increase your security. A six-word password phrase would take 3,505 years to crack (at 1 trillion guesses per second).

Use “two-factor authentication.” Two-factor authentication requires your password plus another piece of information – like a code sent to your e-mail or mobile device associated with your account – to log in to a website. I love using this feature.

Many companies – including Google, Apple, Microsoft, and password-managing service LastPass – give you the option of using two-factor authentication, as do many banks, brokerages, and credit-card companies. SolidTrust Pay has had its secondary password feature, a form of 2FA, for over 10 years (before anyone else even thought of it)!

Create your own security question. Many websites ask extra “security questions” when you register. Like your first pet’s name, the color of your first car, or your mother’s maiden name. If you ever forget your password, the site can use these questions to verify your identity.

Here’s the problem: Instead of protecting your personal account information, they may be doing the exact opposite. The easier a question is to remember, the easier it is for a hacker to guess…

STPay always requires you to create your own question, something that needs a detailed answer that someone can’t find online. Or if you can’t do that, give unrelated answers.

For example, if the question is “What was the color of your first car,” answer with something like “campingmelon” or – even more secure – a random sequence of letters, numbers, and symbols.

If you’re not able to remember the answers, you can write them down (just keep the paper secure) or use a password manager like LastPass or similar company.

YOUR ACCOUNT ACCESS IS ULTIMATELY YOUR RESPONSIBILITY and the Yahoo hack drives that home for everyone.