Wednesday, September 28, 2016

Timely Message for September 28, 2016 on Yahoo email problems

Again, please pass this message on to your neighbors:

Yahoo email problems continue.  I spent 3 hours yesterday to get one Yahoo account password updated, and that was with Yahoo help on the line.  I did one other Yahoo email password update where the process went through the "send a temporary password to our cell phone via text message" step.  It is 24 hours later and still no text message.

Clearly, the servers that manage passwords are in "denial of service" mode:  too many requests and not enough resources to handle them.  The system just wasn't designed for this many password changes at one time.

This is a matter of gross, gross mismanagement on the part of Yahoo.  Up to two years hiding the fact that the email was hacked.  For those of you that I have helped, I made you aware of the problem soon after the hack occurred because of the evidence: phishing attacks.  Then announcing it without providing the bandwidth to change passwords.

Changing the yahoo password helped, but the information was out in "dark space" and being sold.

It is best that you make sure all your accounts:

  • Have long passwords (16 characters minimum where allowed) with at least letters and numbers.  Length is more important than complexity.  (For Yahoo, only letters and numbers are allowed, no special characters, but I think the length limit is up to 26.)
  • Do not use the same password for different sites.  The first thing the bad guys do is use a hijacked password across popular financial sites in the hope that it is used on one of those sites.  According to one recent article, their success rate is, by my standards, high:  .2 - 2%.
  • Change your passwords on a regular basis, all of them.
  • Only use email systems that have two factor authentication.  It's a hassle, but a must.  Two factor authentication is where, if you change userid on the same computer or device OR you go to a different device, you will have to authenticate before you get access:  a code is sent by email or text message to your cell phone or called to your land line (or mailed).  You have to enter this to continue.
  • Any financial site that has two factor authentication:  use it.
  • Always use https: for every online query and for email.  There are settings in any browser that will force this.  (Another topic.)  This garbles your transmission.  This doesn't necessarily make the result at either end secure.

One last thing:  keeping records of all this is, obviously, anywhere from terribly inconvenient to impossible.  But:

  • Do not save your passwords using the save feature of a browser.  Those can be hacked fairly easily.  This means Google Chrome, any Microsoft product, and, yes, Mac through iCloud.
  • Write your passwords down and keep them up to date.  Set dates for changing passwords.
  • OR use a real password manager.  Some antivirus/antimalware suites, such as Norton, come with a password manager.  Depending on how the information is saved, these can be fine.  (The information has to be heavily encrypted and not saved on your computer.)  Of the standalone password managers I have seen to date, LastPass is the easiest and most complete application to use.  It is free for your computer and costs $12 / year for all your electronic devices.

I'm sure there are several more rules to be written, but I don't have time now.  I'm off to help my neighbors.


Monday, September 26, 2016

Timely Message for Sept 26 2016 4-8pm Eastern Daylight Time

Yahoo email is "down."  As a consequence of the recent hack announcement, Yahoo email, including att.net and att.com accounts, is down and has been down for a while.  I was told by att / Yahoo support that it would either be completely down for 2-4 hours or 24 hours, depending on the situation.  Yahoo support is itself "down" due to high call volume.  So, when you try to log on, att.net, att.com and yahoo.com will say you have the wrong logon and password.  If you click that you have forgotten the password, it will not accept any of your personal answers:  that's not working either.

If you use a Yahoo, att, bellsouth, etc. email just to receive email, but you forward that to another account, such as Gmail, you probably are OK because your forward link remains active: you aren't trying to log on each time.

Pass this on to your neighbors.
