It's been a couple
months since Yahoo confirmed it had been hit with a massive security breach.
The hackers gained access to over 500 million user records back in late 2014.
To date, this data breach is the largest in history.

Most of the people I
know claim to not have a Yahoo account. Most people see a yahoo email address
as a sign of limited technical knowledge, almost a sign of shame. However, if
you ask the same people if they play Fantasy Sports using the Yahoo app, the
answer changes. A lot of people also seemed to have setup a Yahoo mail account
years ago as their throw away email account.
Anyone that has a
Yahoo account, for whatever reason, needs to login and change their password.
I've heard a lot of
people say "well I never use the account anymore". The problem with
this line of thinking is that the data that was stolen included personal
information, date of birth, phone numbers, hashed passwords and security
questions and answers.
It's that last piece
of information that is worrisome. Many accounts today have you answer two or
three questions that they will use to confirm your identity when you forget
your account. The largest problem with security questions is the static
answers. Your mom NEVER changes her maiden name. You cannot go back in time to
change the name of your first pet. While most of these answers can be found in
social media anyway, they never change. If they are available in the Yahoo
breach, they can be used by hackers to reset passwords to other accounts.
Security experts have
been preaching for years that everyone needs to use password managers to easily
allow the common user to have long, random and DIFFERENT passwords for each
website. While this will help with keeping our accounts secure, we need to
apply this same principle to our security questions.
Each time we fill out
a security question for a site, we should be using a random password. Storing
this information in a secure password manager like LastPass or 1Password will
allow you to find it whenever you need to supply it to the website again.
I'm sure my mother
would be shocked to learn that her maiden name is yWVG\fU`{y#i, 3Z9*cW51TtKLNQ
and ut$-%F35\, however, it will protect me from data breaches in the future
containing this information.