Last.fm, LinkedIn and now Yahoo. Crafty hackers had the last laugh on Thursday after releasing 450,000 hacked passwords of Yahoo users online.
"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," read a note posted on the page where the passwords were dumped. "There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly."
In a statement, Yahoo claims that less than 5 percent of their accounts were compromised in this security breach, but that's still over 400,000 users who were left angry and frustrated when offered no real solution other than to change their password.
"At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products," the statement said, CNN reported. "We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users' accounts may have been compromised."
While many users have taken this opportunity to flock away from Yahoo to better-encrypted services such as Gmail, the online security giant McAfee offers the following tips for password safety:
Make sure you use different passwords for each of your accounts.
Be sure no one watches when you enter your password.
Always log off if you leave your device and anyone is around; it only takes a moment for someone to steal or change the password.
Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.
Avoid entering passwords on computers you don't control (like computers at an Internet café or library); they may have malware that steals your passwords.
Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop); hackers can intercept your passwords and data over this unsecured connection.
Don't tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.
Strong passwords are easy to remember but hard to guess. "Iam:)2b29!" has 10 characters and says "I am happy to be 29!" I wish.
Use the keyboard as a palette to create shapes. Take "%tgbHU8*" and follow that on the keyboard. It's a V. The letter V can start with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy.
Have fun with known short codes or sentences or phrases. "2B-or-Not_2b?" says "To be or not to be?"
It's okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it's not apparent that it's a password.
You can also write a tip sheet which will give you a clue to remember your password, but doesn't actually contain your password on it. For example, in the example above, your tip sheet might read "To be, or not to be?"
Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.
"In the end, it's the responsibility of the public to protect themselves," Robert Siciliano, an online security expert to McAfee, told the Business Standard. "This disclosure now requires those currently exposed to change their password. The rule of thumb is to change your passwords frequently, every six months. It's a cliché, but true, passwords need to be strong. Let the keyboard be your palette and be creative," he added.