Protecting your online account is accomplished by taking a series of steps. The first step is to create a better mousetrap. That mousetrap begins creating a password that is more difficult to guess.
Use a Strong Password
For those that aren’t familiar with this term, a Strong Password is one that contains (where permitted by the website or service) a combination lower case letters, uppercase letters, numbers, punctuation or other special characters to make up a password. The longer the password is, the long it will take for someone to guess or hack your password. This is an area where I am probably as guilty as everyone else is on this. I have a “favorite” password or two that I liked to use in the past. This kept me from having to have a way to keep track of all the passwords that I used on different websites. With more websites adding additional layers of security such as challenge questions, etc., I have had to start using a password manager app to help keep track of the different passwords, the challenge questions and answers used on a particular website, the recovery procedure if I am locked out of a website, what additional login procedures I have used for that site, etc.
Use a Unique Password
This one will be a bit of a pain but the time taken to do this will pay off in the long run. Look at it this way, if one of your logins on a particular site is compromised or hacked, you have taken a step to minimize the potential for additional website logins to be breached as well. Most password manager apps have the functionality of helping you generate a unique password. There are other apps that do this as well. A search of the app store for your phone or the internet for you laptop/desktop should show you some options to look at.
Different websites have different rules for how you can make your password strong. Some will let you use “special” characters such as * or +, others wont let you use those characters but will make sure that you don’t use a password that can be looked up as a dictionary word. Some will not allow the same character or number to be used repeatedly. Remember, the more uniqueness you can have in a password makes it that much more difficult for someone to hack your account.
Enabling Two Factor Authentication
– Login to Yahoo account
– Click on Name
– Click on Account Info
– Click on Account Security
– Click on Two Factor Authentication
– Enter phone number to call
– Click Send SMS
– Enter code sent and click on Verify button
There are times such as when you link your Yahoo account with something like IFTTT and using 2FA (Two Factor Authentication) won’t be an option. This is where an application password will be useful. You will want to generate a different Application Password for each situation like this that you have. In that way, if one app does get compromised, you have the ability to block access from that app without having to redo your authentication setup. Click Skip for now and you can set this up later if needed.
Test Two Factor Authentication
– Logout of your Yahoo account
– Log back in and test the two factor authentication
– Enter your username and password
– Follow the steps on the screen as indicated for the two factor authentication you have setup
With Yahoo, you have the option of using the Two Factor Authentication option you initially setup before using the FIDO U2F key. If you don’t have that key available, click Use mobile authenticator option to use that option instead.
Note: If your account was active before the breakin recently reported by Yahoo, you will be prompted to disable the security questions/passwords that you setup. While I understand why Yahoo chose to do this, I would hope that at some point that they would restore this option. In my book, I cover how to use security questions to your advantage.
To learn how to protect your other social media and login accounts, purchase a copy of my book “The Hackers Are Coming…”“. This book covers how to protect your other online accounts to make it as difficult as possible for someone to hack into your account.