Did you know that October is National Cyber Security Awareness Month? technology + knows. That’s why this month’s Q&A is dedicated to security, with help from the local Denver security community.
Q: Because of the Yahoo breach, I immediately changed my password. I also wanted to change my security questions as well. I looked on the help page for Yahoo and the Yahoo community, but I couldn’t find anything helpful. Also, there is no way to contact Yahoo customer support (maybe others could do it, but I couldn’t). I deleted my security questions, hoping that I could add back new security answers. I couldn’t add back new security answers. Can you help me out with this? In the meantime, I set up 2-way authentication. Is this the only option available to Yahoo group users? — Jan Lundeen
tech+ It’s been a rough few months for Yahoo, as the once-powerful brand publicly acknowledged that hackers stole the credentials of 500 million users. yahoo has plenty of answers on their help pages at help.yahoo.com, but don’t try to ask for help. yahoo says it doesn’t have a customer service phone number, and if you think you called yahoo, you didn’t. you called a fake number.
- September 23, 2016 what to do if you have a yahoo account
- September 22, 2016 yahoo hack steals personal information from at least 500 million accounts
for better or worse, yahoo doesn’t want you to have any more security questions either. and that makes sense. You may have changed your password, but your security questions may be the same for many sites. yahoo wants you to disable them. (To disable your security questions, go to account settings, click “account security”, then “disable security questions” and follow the instructions).
instead, yahoo wants users to switch to an account key, a form of two-factor authentication. you must link a cell phone number to your account. From then on, every time you try to log in to Yahoo, the service will send a text message to your phone with a 4-digit code that you must enter into Yahoo as a temporary password. the steps are listed in dpo.st/yahookey.
While it can be difficult to trust yahoo, security experts agree that two-factor authentication, which requires two ways to log into an account, is the way to go.
“2FA, as it’s commonly abbreviated, adds an extra step to your basic log-in procedure, something beyond your username and password,” said Chris Richter, senior vice president of global security services at Level 3 Communications.
Beyond email, consumers can still use 2fa for multiple accounts. richter suggests visiting twofactorauth.org to see which websites offer 2fa and which don’t.
“Overall, it’s pretty easy to set up 2fa by visiting your account settings section and clicking on security and privacy. Instead of labeling the feature 2fa, some companies label it ‘login verification’. either way, you will be prompted to enter a code after your password,” he said. “Ultimately, good password hygiene is key. update your passwords every 90 days, don’t reuse passwords for multiple accounts, and think of them as a passphrase rather than a single word.”
see previous tech+ answers or ask your own tech question at dpo.st/mailbag. if you’re emailing your question, add “mailbag” in the subject line.