It’s official: 2016 is the “Year of the Password Reset.” Just when we thought the headlines of big data breaches couldn’t get any worse, news broke yesterday that more than half a billion Yahoo accounts were impacted by a breach in 2014. But we’re here to say: Changing your Yahoo password today just isn’t enough.
Let’s put the Yahoo breach into perspective: That’s like Facebook saying that half of all its users had their account information stolen. This will likely go down in the books as the biggest cybersecurity breach in history.
As if that weren’t frightening enough, the Yahoo breach follows on the heels of other massive breaches just this year: Incidents at Dropbox, LinkedIn, and MySpace affected hundreds of millions of people.
Awful? Yes. But the damage doesn’t stop there. When these massive lists of usernames and passwords are leaked on the web, they become fuel for attackers to hack people’s accounts on other, even more lucrative, websites. All they have to do is try the same usernames and passwords on other popular websites to find a match, and voilà, they’re in.
That means anyone who made the mistake of using the same password on more than one website can now be hacked. With the supercomputers available today, testing for matches to those passwords is trivial for these attackers. And because so many people still reuse passwords, the payoff is more than worth it. So now it’s not just your Yahoo password or your Dropbox password that’s out there – every website where you used the same or similar password is also out there for the taking.
It’s no longer good enough to just change your Yahoo password. You need to do more to protect yourself. Can you say yes to all of these?
- You’re using a password manager like LastPass.
- You do not use the same password on ANY two websites or apps.
- All of your passwords have been changed within the last year, and
- You’ve updated your Yahoo password to another strong, random password.
If yes, you’re a password rockstar. If not, here’s what we all should be doing to take control of our online security:
Sign up for a password manager.
If you’re already using LastPass, collect $200, pass Go, and skip to the next step. But if you’re not using a password manager, today is the day to sign up. For most of us, it’s a herculean task to keep our passwords organized, while creating strong passwords that are different for every account, and remembering them all on a daily basis. A password manager does all that for you, making your passwords easy to get to every day, and more. Plus, it locks everything down with the best encryption available. So sign up now, and get all your passwords added to your vault – you can even import the passwords you’ve got stored in your browser.
Run the Security Challenge.
This is where you really put your password manager to work for you. If you’ve been using LastPass for a while, you already know how much time and hassle it saves you in dealing with passwords. But to really use your password manager to maximize your security, you need to use it to generate a different, strong password for every account. And the best way to audit your passwords is to launch the LastPass Security Challenge. It not only tells you how many passwords you have in your vault, it shows you which ones are weak, old, reused, and even which websites you use have been compromised. That’s why you want to do this before you change your Yahoo password – so you know if you’ve used the same password you did for Yahoo on any other website, and you can prioritize changing those passwords, too.
Now, change your Yahoo password.
Log in to your Yahoo account, and use the LastPass password generator to create a new password. Save the new password to LastPass, submit it to your Yahoo account, and you’re done. Who said creating 20-character passwords had to be hard?
Now go change all your other passwords.
After each new breach, we as consumers run around changing this password or that one, which can be a hassle and quite time-consuming. After you’ve figured out where you’ve reused passwords using the LastPass Security Challenge, there are a few ways LastPass will help you simplify the process of changing your passwords. First, on many websites LastPass can automatically change the password for you with Auto-Password Change. Choose this option where available and LastPass will do the work of changing the password in the background. On any other website, use the LastPass password generator to create the strongest password you can, and save the changes to your LastPass vault as you also submit the change on the website.
Don’t forget about the security questions.
Websites often ask you to add answers to special security questions, with the intention of adding extra security to your account. Unfortunately, they are typically terrible for security because the information isn’t encrypted, and the answers are often easy to find with a few quick searches on the web. Just use the password generator to create bogus answers to security questions. Save the answers as a “Note” in the site entry in your vault, so your mother’s maiden name looks like: sPEcTOpeRoseNctuLAte.
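The audit this post asks for before you change passwords (find every account that shares the breached site's password, or a close variant of it), as an added example that is not LastPass code. The CSV column names and the sample rows are constructed assumptions, not a real export format.

```python
import csv
import hashlib
import io
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample export; the columns site/username/password are assumed.
SAMPLE_CSV = """site,username,password
yahoo.com,alice,Sunshine2014!
dropbox.com,alice,Sunshine2014!
bank.example,alice,Sunshine2015!
forum.example,alice,x9$Lq2vT#mZr8pWd4hKe
"""

def load(text):
    """Parse the export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def audit(rows, breached_site, threshold=0.85):
    """Return (exact, near): sites whose password equals, or closely
    resembles, a password used on the breached site."""
    breached = [r["password"] for r in rows if r["site"] == breached_site]
    exact, near = [], []
    for r in rows:
        if r["site"] == breached_site:
            continue
        if r["password"] in breached:
            exact.append(r["site"])
        elif any(SequenceMatcher(None, r["password"], pw).ratio() >= threshold
                 for pw in breached):
            near.append(r["site"])  # e.g. one digit bumped at the end
    return exact, near

def reuse_groups(rows):
    """Group sites that share a password, keyed by a short hash label so
    the password itself never appears in the report."""
    groups = defaultdict(list)
    for r in rows:
        label = hashlib.sha256(r["password"].encode()).hexdigest()[:8]
        groups[label].append(r["site"])
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    rows = load(SAMPLE_CSV)
    exact, near = audit(rows, "yahoo.com")
    print("change first (same password):", exact)
    print("change next (similar password):", near)
    print("all reuse groups:", list(reuse_groups(rows).values()))
```

Run it only against a local copy of your own export, and delete that file afterwards, since it holds every password in plaintext.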
So remember, the best thing you can do today to thwart hackers after big breaches like the Yahoo one is to never reuse a password, and always create a strong, unique password for every website and app you use. Once you’ve followed our steps, you’ll be that much more prepared when (not if) the next popular website is breached. You’ll only need to change one password, and won’t have to waste time worrying about whether any of your other online accounts are at risk, too. There is no time like the present to make sure you improve your password security across accounts.