According to a security report released by Yahoo, if you had a Yahoo account in 2013, it was most likely hacked, and if you are still using the account, you must secure your email account by taking the necessary steps.
As per the report, around 3 billion accounts were compromised and the hackers were able to find usernames and passwords for a large number of email accounts.
If you have a Yahoo mail account, you should immediately change the password.
Here are some additional security tips you need to follow to secure a Yahoo account.
Avoid reusing passwords
With so many password management solutions easily available, it makes no sense to reuse passwords across different mail accounts and websites. You need to follow a policy of creating a unique and complex password for every mail account, including your Yahoo account. If you are having trouble remembering passwords, you can use passphrases. For example, you can use a phrase you like and include some numbers and punctuation marks in it.
According to a report published by Yahoo, the company had detected a security breach back in 2013 when they stored the passwords in the form of MD5 hashes that can be easily cracked. If you haven’t changed your Yahoo email account password for a long time, you should change the password immediately and also review the security of your email account.
There is a possibility hackers have already hacked your account and had enough time to steal sensitive data. So without any further delay, change your Yahoo account password to secure your email account.
Secure your account with two-step verification
Today almost every email service provider, including Yahoo, offers two-step verification for accounts. The two-step verification requires the user to enter the OTP code sent by the email service provider. The OTP code is sent to the mobile number registered with your Yahoo account. If you haven’t linked your phone number with your Yahoo account, do so now and activate the two-step verification to secure your Yahoo account.
Yahoo has gone a step further and has completely done away with the use of passwords to access your account. The company has introduced a new feature “Account Key” that requires sign-in approval via phone notifications. The two-step verification is an additional layer of security which will protect unauthorized access to your email account even if the hacker steals the password.
Don’t save unnecessary emails
Since email service providers provide around 1GB or more space to email users, space is no longer a problem. However, this feature puts your email account at risk in another way.
Because we usually no longer delete unnecessary emails, it is easier for hackers to doscover which other accounts are linked to your Yahoo email account. They can easily find out information about other email accounts or other user accounts by searching for emails related to sign-up or notification emails that include important information.
Besides gathering information about different mail and other user accounts, the hackers can also uncover the pattern you use for creating account names or usernames.
With this in mind it is important to consider cleaning up your inbox. Delete all unnecessary emails like sign-up emails, password reset emails and other notification emails in order to make your Yahoo account more secure.
Check your mail forward settings
Email forwarding is generally a “set and forget it” setting. Since the setting is buried inside mail settings menu, we only access it when we need to set new email forwarding settings.
Hackers are aware of this behavior and can exploit it to get access to your emails without your knowledge. They only need to gain access to your Yahoo email account once and set up a mail forwarding rule so that important emails are automatically forwarded to their email account. This also works in their favor as you will never get information about suspicious log-in attempts from unrecognized locations or IP addresses.
It is very important to check your email forwarding settings immediately to ensure hackers have not exploited this option. If you see any suspicious or unrecognized email forwarding rule set, delete the rule immediately. Also, make it a habit to periodically check your email forwarding settings for any suspicious activity.
Check reply-to settings
The Reply-to settings can also be exploited by the hacker to get access to sensitive emails and information. After hacking your email account, hackers can easily change the reply-to settings so that people replying to your emails will reply to hackers instead. The hacker can make subtle changes in the email address that are hard to notice at a glance. The risk in reply-to email is higher as the hacker can also change the display name to your known contacts to hide the email address.
Change your security questions and answers
Remember security question plays an important role in “forgot password” procedure. It is necessary so you can easily remember the answer by looking at the question, but at the same time the question must be hard enough to prevent others from guessing the answer.
Most sites ask you to set security questions and answers. Use this option to your advantage by asking tough questions and the answers that would be extremely hard to guess.
You should change the security question to ensure it is
- Not easily guessed or searched
- Is simple yet definitive
- Doesn’t change over time
- Is memorable
Phishing is followed by breaches
Generally phishing attempts will come in quick succession after security breaches such as that experienced by Yahoo. Hackers are known to send security notifications that contain instructions to download malware on your computer. These malicious tools can then direct users to malicious websites where you are required to key in additional information under the guise of additional verification.
Be sure to check the source of such notification emails that request you to download some security tool. Yahoo users can easily recognize genuine emails from the service provider. These notifications emails can be easily recognized in Yahoo mail interface and it is marked by purple Y! Icon. Email service providers don’t ask users to enter additional information on third-party pages. So be selective when sharing information on external links.
The security tips above will help secure your Yahoo account. You should change your password periodically to ensure you maintain this security.