Last month 6.5 million LinkedIn passwords showed up on a Russian website. Very recently, 450,000-plus Yahoo! usernames and passwords were published by a hacker group called D33Ds. On one hand, you want to think that Yahoo! is on top of its own cyber-security. On the other hand, you know it's not. So, what do you need to do now?
First, change your Yahoo! password. This really is not optional. Yahoo! has been compromised. And, until Yahoo! says that they have found and corrected the security bug that allowed the hackers to access the username and password files, be ready. You may need to change your password more than once.
As you know, I am an advocate of strong passwords -- inconvenient, long, strong passwords. 7-1d7w!Ka was my Yahoo! password until a few hours ago. Can you guess the phrase I based it on? Hint ... it's written in LEET and it is a famous phrase from the 1939 movie classic, The Wizard of Oz. Got it?
7-1d7w!Ka is an abbreviation for "Toto, I don't think we're in Kansas anymore." The letter "T" is represented by the number "7." The uppercase letter "I" is represented by a "1." The lowercase letter "i" is represented by an "!" and the other letters are just letters.
"Toto, I don't think we're in Kansas anymore" gets shortened to its first letters, T-IdtwiKa (the hyphen stands in for the comma), which gets translated to LEET as 7-1d7w!Ka. That is about as strong a password as you can create, and it's very, very easy to remember.
Here's a simple LEET table. Try to make a few long, strong passwords by picking a favorite phrase or quote from a movie or book and using the first letters of each word to construct your password.
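The phrase-to-password recipe above, written out as a small Python script so you can see each step on your own favourite quote. This is an added example, not code from the original post; the LEET mapping it uses (T to 7, I to 1, i to !) is the one the post describes, plus a handful of common substitutions I assumed for illustration. The derivation is deterministic: the same phrase and the same table always give the same password, so the secrecy lives entirely in the phrase you choose.

```python
# Added example (not from the original post): derive a LEET-style password
# from the first letters of a memorable phrase, the way the post describes.

# LEET table: the three substitutions the post uses, plus a few common
# extras assumed here for illustration. Keys are case-sensitive so that
# uppercase "I" and lowercase "i" map to different symbols, as in the post.
LEET_TABLE = {
    "T": "7", "t": "7",
    "I": "1", "i": "!",
    "E": "3", "e": "3",
    "A": "4", "a": "@",
    "S": "5", "s": "$",
    "O": "0", "o": "0",
}

# Keep only the substitutions the post itself uses, so the worked example
# reproduces the post's own password exactly.
POST_TABLE = {"T": "7", "t": "7", "I": "1", "i": "!"}


def phrase_initials(phrase: str) -> str:
    """Take the first letter of each word; a comma after a word becomes '-'.

    "Toto, I don't think we're in Kansas anymore." -> "T-IdtwiKa"
    """
    initials = []
    for word in phrase.split():
        first_letter = next((c for c in word if c.isalpha()), "")
        initials.append(first_letter)
        if "," in word:
            initials.append("-")
    return "".join(initials)


def apply_leet(text: str, table: dict) -> str:
    """Replace each character that has an entry in the table; keep the rest."""
    return "".join(table.get(c, c) for c in text)


def phrase_to_password(phrase: str, table: dict = POST_TABLE) -> str:
    """Full pipeline: phrase -> initials -> LEET."""
    return apply_leet(phrase_initials(phrase), table)


def character_classes(password: str) -> int:
    """Count how many of upper/lower/digit/symbol classes appear (0-4)."""
    checks = (str.isupper, str.islower, str.isdigit,
              lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)


if __name__ == "__main__":
    quote = "Toto, I don't think we're in Kansas anymore."
    pw = phrase_to_password(quote)
    print(pw, "classes:", character_classes(pw))          # 7-1d7w!Ka classes: 4
    # Same phrase, larger table: still deterministic, just different symbols.
    print(phrase_to_password(quote, LEET_TABLE))
```

Run it on a longer quote and watch the length grow with the word count; the `character_classes` check is the kind of rule sites enforce, and it is worth noticing that it passes on the result only because the phrase happened to contain a "T", an "I", an "i" and a comma.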
Making very strong, inconvenient passwords and using them is one of the best things you can do to protect yourself against casual hackers.
That said, we all have dozens of websites that we visit and it is really not a brilliant idea to use the same password for all of them. You can do it, but it increases the risk that one good hack will give you a serious headache.
There are two programs I like that solve this problem. One is free, but a little geeky. The other is $50, but works like a charm. KeePass (Windows) and KeePassX (Mac) are free, open source password managers. 1Password is a $50, very nicely packaged solution that will let you automatically create and manage a large number of extremely long, strong, cryptic passwords on all of your devices: Windows, Mac, iOS, Android, etc.
The value of this kind of password management software is that, not only can it help you create excellent passwords and autofill them for you, it can help you change your passwords very quickly -- and that is the only thing you can do about the Yahoo! hack.
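What a password manager does for you, reduced to two functions, as an added example that is not code from KeePass, KeePassX or 1Password: generate a long random password per site from the operating system's secure random source, and scan a vault for the reuse problem described above. The sample vault is constructed for this example; the site names are placeholders.

```python
# Added example (not any password manager's code): per-site random passwords
# and a reuse check over a vault, the two things the post says a manager buys you.
import math
import secrets
import string
from collections import defaultdict

# Full printable set: letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw each character from the OS CSPRNG via `secrets`.

    `random.choice` is NOT suitable here: it is seeded predictably and is
    not designed for secrets.
    """
    if length < 12:
        raise ValueError("a manager-generated password should be at least 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(len(alphabet))


def find_reused_passwords(vault: dict) -> list:
    """Return groups of sites (sorted) that share the same password.

    One breach at any site in a group exposes every other site in it,
    which is exactly the "one good hack" headache the post warns about.
    """
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


# Constructed sample vault (placeholder site names, not real accounts).
SAMPLE_VAULT = {
    "mail.example.com": "7-1d7w!Ka",
    "shop.example.net": "7-1d7w!Ka",     # reused: same as the mail account
    "bank.example.org": "Q#8vR2k$Lp9!mZ4wTe6c",
}


if __name__ == "__main__":
    print("new password:", generate_password())
    print("entropy of a 20-char random password: %.1f bits" % entropy_bits(20))
    for group in find_reused_passwords(SAMPLE_VAULT):
        print("same password shared by:", ", ".join(group))
```

Twenty characters drawn uniformly from 94 symbols give about 131 bits, which is why a manager's generated passwords are not something you are expected to remember; the manager remembers, and the reuse scan is how it tells you which accounts to rotate first after news like the Yahoo! breach.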
You must change your Yahoo! password now. There is an online tool from Sucuri Malware Labs that can tell you if your account was one of the ones that were hacked, but you should just change your password anyway.
The more we put our lives in the cloud, the more vulnerable we are to this kind of hack. Getting a handle on password management is a best practices requirement for success in a connected world. So check out some password management software and get a system in place. Sadly, this will not be the last time you need to be vigilant about passwords or cyber-security.