Yahoo recently disclosed it asked an undisclosed number of its email customers to reset their passwords. The company discovered hackers had obtained a number of Yahoo email login credentials from a third-party database and then used the credentials to access Yahoo email accounts.
Yahoo has a history of being targeted for email-related attacks. Last year, a number of European Yahoo users reported their devices had been compromised by malicious ads displayed on Yahoo’s websites. In 2012, the hacktivist group D33Ds Co. stole 400,000 Yahoo usernames and passwords and posted the information online. If you have a Yahoo email account, install the best antivirus software for email security, which can scan attachments and warn you when those attachments are malicious. Also, take some common-sense steps to protect your login information.
Is Yahoo Less Secure Than Outlook or Gmail?
Although Yahoo is gradually making its email service more secure, it has lagged behind rivals Gmail and Outlook for years. Yahoo has finally added full-session HTTPS for connections between users and its email service in late 2013, but Gmail has had HTTPS for four years, and Outlook.com had HTTPS to encrypt sign-in information when it relaunched in 2012.
Yahoo’s implementation of HTTPS has been sporadic because it’s inconsistent across servers. In some cases, it isn’t secure. For example, some Yahoo servers use RC4 as their encryption cipher, which is regarded by most security experts as a weak cipher. In fact, Microsoft advised its customers to enable TLS1.2 AES-GCM last year and to completely disable RC4. However, not all Yahoo servers support TLS1, and even on servers using AES, Yahoo hasn’t set up mitigations for known attacks like CRIME and BEAST.
4 Simple Ways to Secure Your Yahoo Email Account
Yahoo email users can take simple steps to secure email account information:
1. Basic password security
The principles of password security are worth repeating because so many people don’t implement them on a regular basis. Use a password containing a combination of upper- and lower-case letters, numbers and symbols. Make your password as long and complex as possible, try not to repeat passwords across multiple accounts and change your passwords often.
By the way, “password” and “123456” are terrible passwords.
For good measure, avoid any of the passwords on this year’s list of the Top 25 Worst Passwords.
2. Use a password manager
Most users don’t want to create different passwords — especially different complicated passwords — because they’re impossible to remember. Password managers like LastPass, Keeper and 1Password enable users to store their passwords in a separate data vault.
Instead of typing in a password, you click on an icon to pull up the saved and encrypted password information. Click the buttons within the password manager window to populate the password field. You can save numerous complex passwords, a different one for every site, without worrying about remembering them or looking them up.
3. Enable two-factor authentication
Enabling two-factor authentication on your Yahoo mail account adds a second layer of security. On your home page, find the settings icon in the top right corner. Hover your cursor over the settings icon and then click on “account info.” On the account info page, choose “set up your second sign-in verification.” Yahoo can then send a code to your mobile phone or to another email account, or it can ask you a security question. You enter the code or the answer after entering your login information.
Anyone who tries to login to your Yahoo account without authorization cannot get in without providing this added information.
4. Investigate SSL security
You may have a Yahoo email account because it’s the default email account offered by your Internet service provider (ISP). If so, call your ISP and ask whether SSL encryption is available for your Yahoo account. SSL encryption is particularly important when you access your Yahoo account through a third-party client, like MS Outlook, or through your phone’s email client.
In many cases, these steps will be enough to secure your Yahoo account from an attacker. Hopefully, the company will prioritize email security in 2014 — and its email service will offer security features on par with Gmail and Outlook. In the meantime, you can be proactive, and install antivirus protection and exercise vigilance.
Photo credit: Placeit.net, mkavakov/BigStockPhoto.com