In light of the huge Yahoo hack that has reportedly affected 1 billion user accounts, the following “best practices” have been developed to guide people who think they may be affected in creating and maintaining a good password:
1. Beware of phishing scams – Consumers need to be aware of targeted phishing scams, socially engineered attacks that cyber-criminals use to lure people into clicking malicious URLs with malware. This is extremely important now that personally identifiable information (PII) is in the wild as a result of this breach.
2. Change your Yahoo password and security questions immediately, especially if you use them on multiple accounts. As a rule of thumb, don’t use the same security questions and answers for all of your accounts.
3. Make all new passwords different and difficult to guess. Cyber-criminals are now using tools that sniff out passwords reused on other, more valuable sites to make their work easier and to make the stolen passwords and other hacked data more lucrative on the dark web.
4. Include upper and lower case letters, numbers and symbols to make passwords harder to crack – refer to the Sophos “How to Pick a Proper Password” video for guidance on creating stronger passwords, and apply the same password complexity rules to your own personal accounts.
5. Don’t trust password strength meters – these are unreliable and inaccurate.