Yahoo! breach! proves! we! are! all! targets!

Yahoo! breach! proves! we! are! all! targets!

Probably the final proof – if it were still needed – that everyone needs to take their password management much more seriously came with the revelation that online behemoth, Yahoo!, has managed to mislay half a billion (yes, you read that right) sets of account details.

Not only that, but they managed to do so in 2014 and, apparently, have only just become aware of it…

Yahoo! under the magnifying glass with 1/2bn records compromised

We fear that many people still consider having to have lots of passwords as a major irritation, to be simplified as far as possible and combined with a naïve hope that they’ll never be the victim of cyber crime. This proves that really is a forlorn hope because we all know someone with a Yahoo! or Flickr account, even if we don’t have one ourselves.

Passwords are so fundamental to so many aspects of our lives now, this is no longer a trivial matter for anyone. Sadly our last post was on a very much related topic – the Spear Phishermen.

The only real answer right now is to use a proven, robust password manager. It’s actually pretty simple. You come up with one strong, unguessable password and then use that to lock down all the rest. That way, you only have to remember one and the others can be beautifully complex, because the password manager will fill them in for you!

We’ve covered this in detail before here.

Even if you are disciplined in creating passwords can you say hand on heart that there’s no pattern to them which could be unravelled if one was compromised?

Seriously, the time has come to act. What is probably needed now is a multi-pronged approach to both convince and educate people, as well as to put the tools in their hands.

How much money might the banks save if they gave people a free licence for a reputable password manager, like LastPass, 1Password or Dashlane?

These are user-friendly, widely available options that work on computers and smart devices.

In the process we need to teach people about multi-factor authentication – systems that either send you an instant login code to your phone or generate a unique code through an app. That way any attacker would have to compromise both your login details and your phone!

The disturbing thing about the Yahoo! attack is that not just passwords were taken, but security questions and their answers, like your date of birth and mother’s maiden name. That’s information we are asked to use for all kinds of situations, including interactions with government. This data is usually used to recover lost or forgotten passwords, and not just on the system that was broken into.

Once criminals have this data they can convince many services to let them into your accounts and each piece they unlock completes a jigsaw which can give them the power to cause havoc in your life. If you can make that even a bit less likely by using a password manager, don’t you think it’s worth it?

Businesses are welcome to talk to us about putting protection and training in place for their staff. Given how many of your workforce could have had their data compromised by this one incident, it’s time to act.