Yawn, another data breach. This time it’s Yahoo! that’s affected. Despite news outlets proclaiming it’s the biggest breach of its kind, how many of us even lifted an eyebrow?
Are we in danger of becoming complacent when data breaches are being disclosed so frequently and seem to grow in size?
Every month or less, another story hits the press about a data breach and we are told to hurry along and change our passwords. Now, don’t get me wrong – this advice is good. Changing passwords, protecting email accounts, enabling two-step authentication and generally being more vigilant and secure about our online activities are all things that will help stop the bad guys getting too much access to our online life and private information.
But let’s consider the fact that the Yahoo! data breach, which happened in 2014, affects an estimated 500m user accounts and the data exposed may include email addresses, phone numbers, date of birth details, encrypted passwords and, in some cases, security questions. Even if you go and change your passwords today, there may already be an opportunity for cyber-criminals to reset or access your other online accounts as some of this information has already been released by the hackers.
In the face of a breach with such far-reaching implications, maybe it is not that we are complacent, but that we simply don’t know what we can do after the fact. There are a few simple actions we can take, however, that will help.
Stop trusting the traditional password and move to two-step authentication, if you haven’t already. This may sound complicated, but it’s a concept you already know from every time you use your ATM card. You have the card and you know the PIN; without both parts, the card will not work in an ATM.
For an online account, the two factors might be your phone and the contents of a text message sent to you at login. It doesn’t have to be inconvenient, either. Some companies only invoke this stronger login process when you try accessing an account from a new device, which seems like a good compromise.
For Yahoo! users, it might be a relief to know that Yahoo! has a fairly unusual security system called Account Key. If you are about to change your Yahoo! password, I recommend taking the extra step and switching this service on.
It simplifies logging in by connecting your login request with the Yahoo! app on your phone. The browser login screen asks for your Yahoo! ID, then displays a page that says it’s waiting for confirmation to log in.
Meanwhile, your phone will receive a notification asking you to confirm the login with a simple click of a button – yes or no.
September 23, 2016