On Thursday, Yahoo announced that information from at least 500 million Yahoo accounts had been compromised in a data breach that occurred in late 2014. According to Yahoo’s announcement, the theft may have included names, email addresses, telephone numbers, dates of birth, passwords and, in some cases, encrypted or unencrypted security questions and answers.
Regardless of whether or not you have a Yahoo account, this breach serves as an important reminder that—by following a few cyber security best practices—you can reduce your own exposure to other similar breaches in the future. Here are three quick lessons we can all learn from this latest incident.
Note: If you have a Yahoo account that predates 2014, the company has posted some helpful FAQs on their website.
1. Try Not to Reuse Passwords.
Just about everyone has a go-to password that they use for the myriad logins that the internet seemingly requires of us. And it’s probably unrealistic to expect anyone to use a unique password for each individual website they interact with. But when it comes to your online banking credentials, don’t use the same password that you also use for your email account, your Facebook account, or anything else.
2. Don’t Rely on Emails for Conducting Financial Transactions.
As the Yahoo incident reminds us, email accounts are susceptible to hacks. And sometimes it can take months or years before you learn of a breach. If you get an email you weren’t expecting from someone asking you to send money, always verify the correspondence with a phone call (or text message) to the sender. Don’t rely solely on the originating email.
3. When Available, Enable Two-Factor (or Multi-Factor) Authentication.
Multi-factor authentication is an additional security layer that helps protect your user account should your password ever become compromised. The thought is that—even if your login credentials are compromised—multi-factor authentication should prevent a hacker from inflicting any real damage.
Perhaps the most common form of two-factor authentication involves the use of text messages. With this form, the user is required to enter a separate, one-time confirmation code that they receive via text. This confirmation can take place at the time the user logs in, or codes can sometimes be used to authenticate certain functions within a website (e.g., placing an order or sending a payment).
There are also other forms of multi-factor authentication. For example, Facebook lets users opt in to its Code Generator, which provides a 6-digit access code. And some sites now use Google’s Authenticator to verify login attempts.
Whenever possible, review each site’s security offerings and take advantage of the features that go beyond a login ID and password. Yes, these additional layers of protection will take a few extra seconds of your time, but they’re absolutely worth it.
About the Author:
Rusty Haferkamp is the chief information officer at Central National Bank. In his spare time, he enjoys being outdoors, hunting, fishing, and spending time with his wife and two young daughters.