Been reading the articles about how Yahoo was hacked and millions of accounts were compromised? Before it’s an issue, now’s a great time to jump onto Yahoo and secure your account. Here’s how…
It’s true, Yahoo has confirmed that back in 2014 there were millions, no, over 500 million account credentials that were stolen from the Yahoo servers. Business Insider says “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.”
If you have an account on Yahoo, not only do you need to go change the password (and you DO use a different password on other sites, right?) but there are some other things you can do to help secure your account, even if it’s quite a while since the actual data breech.
To start, log in to your Yahoo account. They haven’t reset passwords, aren’t forcing you to change your login sequence, so it’s as easy as just going to yahoo.com and logging in as usual. Then on the top right, click the gear icon to access the main menu:
From the menu, choose “Account Info” to proceed.
At this point, you’ll move to a page with lots of different account settings and configuration. On the left side will be a menu of choices:
Choose “Account security” so you can change and update your account and make sure that if the data stolen back in late 2014 from the Yahoo servers hits the wider underground hacker community, it cannot be used to sneak into your account!
Here you can see the basic things you should be tracking. Most important is that you ensure that your phone number is accurate (I recommend a cellphone or other device that can receive text messages) and then turn on Two-step verification. That’s critical because with that enabled, even if the hackers can get your password or try to reset it by knowing your security questions, they can’t actually log in without knowing the secret code Yahoo sends to your smartphone.
I have an older tutorial on how to set up two-step verification. Read it. Follow it: How to set up two-step verification on Yahoo.com.
Back? All set up? Good. You’ll also want to ensure that the email addresses listed are your own valid addresses. They’re useful for emergency access if your password is hacked or lost.
And of course, click on “Change password” to set a new password. A good idea anyway!
But since the security questions and answers were part of the dataset stolen, Yahoo recommends that you disable your security questions. Yes, seems a bit weird, but it makes sense.
Once you’ve set a new password (I recommend upper and lower case letters, a digit or two and a punctuation character or two. Something like “Yo!2TheDave!”) it’s time to address those hacked security questions. Let’s do that by clicking on the words “Disable security questions“.
Since I’ve disabled them, I can tell you the answers, right? #1 the answer is … uh… um… wait a second. Let’s skip that part, ok? 🙂
It’s interesting that the button here is labeled “Yes, secure my account” actually, but it’s true: if your questions haven’t changed since 2014 and the Q&A can be used to reset account passwords, it’s absolutely dangerous to leave things intact. You can set up new questions, I suppose, but Yahoo really just wants you to lose the security question info entirely.
So do so. Click on “Yes, secure my account” and you’re done.
That’s it. Two-step verification + no security questions + a new password should ensure you can sit on the sidelines and watch what happens to other people’s Yahoo accounts if things go to the proverbial dogs.