Yahoo Security Breach — What It Means to You

A new name can be added to the list of companies who have been hacked this year:  Yahoo. If you know anyone with a Yahoo account, there’s a chance you received a strange e-mail from them recently. More than 450,000 username and passwords were compromised in the breach.

The group responsible released a statement on their reasoning behind the hack:

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

Hopefully this is a wake up call everyone involved, Yahoo users included.

Many people find creating a password to be a daunting task that they usually just blow off and use anything they can remember easily. News flash! Anything you think is easy, hackers will think is even easier. Using a password like startrek, 123456, password, ninja, or anything else that’s obvious is more likely to get hacked than using symbols, upper and lowercase letters and numbers.

Don’t get me wrong here. I’m not saying that complicated passwords can’t be hacked. I am saying that someone who uses starwars is going to get hacked before someone who uses F1r3F17Ru13s.

To keep yourself and your accounts secured, here are some guidelines for creating a password:

• Change your password often — every 90 days is the standard
• Keep the length to eight characters or more
• Substitute symbols for letters or numbers. C@t@nd7h2H@t (Cat and the hat)
• Intentionally misspell a word (Superamin, B@tmyn)
• Avoid anything you can find in the dictionary (in any language)
• Avoid words spelled backwards and common abbreviations
• Don’t use personal information (such as birthday, anniversary, driver’s license number, etc…)
• Use at least one number, symbol and lower case/upper case letter.
• Use a different password for each account (if one account gets hacked, they wont all be left vulnerable).

If you are unsure if your password is strong enough, head on over to Microsoft’s Password Strength Checker. This tool can help you figure out if the Force is with you.

Now go forth and apply these guidelines to all of your passwords. I know it’s scary, but it’s better than the alternative.