The New York Times headline shouts, "Yahoo Says 1 Billion User Accounts Were Hacked", but what does that mean?
First of all, this hack dates back to September, 2013, so there's no way to unscramble these eggs. If the data in your Yahoo! account has been compromised, I suppose you have to protect yourself from every angle now. If you had documents in there that reveal more about your identity, then the hackers may know a lot about you.
Yahoo! says that the following items were exposed:
- account telephone numbers
- encrypted passwords
- birth dates associated with account
- plaintext security questions
Let's talk a bit about number two from that list, encrypted passwords.
Encrypted Passwords: MD5 Hash
The encrypted passwords, as Yahoo! calls them, are actually MD5 hashes of each account's password. MD5 is a hash function similar to SHA-256, but much older and proven in the past to be insecure. Modern computing power makes it possible to crack many of these passwords in a short time through brute-force attacks. I've written about brute-force attacks, and you can read more about them at: http://cyapass.com/post/how-hackers-crack-passwords-part-1
Making the Brute-Force Attack Impossible
However, even with the older MD5 hash technology in use, if your account password was not based upon natural-language words (words you'd find in a dictionary), then your account will probably be safe. If your Yahoo! account password was one generated by C'YaPass, for example (64 characters long and based upon random letters and numbers), it is close to impossible for hackers to crack it, even with the older MD5 technology.
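To put numbers on that comparison, here is an added example (not code from C'YaPass or from the original post) that estimates how many guesses it takes to cover a dictionary-style password versus a 64-character random one. The guess rate, the dictionary size, the sample word list and all function names are assumptions made for illustration.

```python
import math
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols: random letters and numbers
GUESSES_PER_SECOND = 1e10  # assumption: MD5 guess rate of a single cracking rig
WORDLIST_SIZE = 100_000    # assumption: size of an attacker's dictionary
SAMPLE_WORDS = {"password", "sunshine", "dragon", "tiger", "yahoo"}  # constructed sample

def generate_password(length=64):
    """Draw each character uniformly from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def guess_space_bits(password):
    """Return log2 of the guesses needed to cover this password's pattern."""
    if not password:
        return 0.0
    match = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    if match and match.group(1).lower() in SAMPLE_WORDS:
        # Dictionary word plus digits: every word times every digit suffix.
        return math.log2(WORDLIST_SIZE) + len(match.group(2)) * math.log2(10)
    # Otherwise the guesser must cover every string over the classes in use.
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)]
    size = sum(n for pattern, n in classes if re.search(pattern, password))
    return len(password) * math.log2(size)

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to try the whole guess space at the given rate."""
    return 2.0 ** bits / rate / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for candidate in ("tiger99", generate_password()):
        bits = guess_space_bits(candidate)
        print(f"{len(candidate):2d} chars  {bits:6.1f} bits  {years_to_exhaust(bits):.3g} years")
```

The character-class branch is a coarse estimate: it assumes the guesser knows only which kinds of characters appear, so treat the output as an order of magnitude rather than a precise figure.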
Don't Need To Be Faster Than the Tiger
The important thing is that you'd be safer. Your passwords just need to be stronger than everyone else's, and then you're safe. You don't have to be faster than the tiger. Just faster than the people you're running with. :)
Yahoo! Does Something Smart, But Is It Too Late?
What Does Yahoo! Account Key Do?
This method allows you to sign on without using a password. You simply set up a phone number that Yahoo! will send a notification to each time you attempt to sign on. When you attempt to sign on to your Yahoo! account, the message will pop up on your phone, and only if you acknowledge it will you be logged in on the other device.
You can watch the video that shows it in action:
Fewer Is Better
The fewer passwords you have, the better. That's a great way to create a secure sign-in, and it means fewer passwords for you to memorize. However, this only works with Yahoo! accounts at this point. Maybe this is the way the industry will go, but for now you can't use this technology anywhere else. And, since a lot of users will migrate away from Yahoo!, it may be far too little, too late.
Until Passwords Are Dead, Make Them Stronger
Until passwords are completely destroyed, you must make them stronger. You really should make them so strong that you cannot even memorize them. How can you do that? Just let C'YaPass generate them for you.
Get the app or try it in your browser.