Rediff.com« Back to articlePrint this article

Yahoo data theft: 10 steps to protect yourself

September 23, 2016 15:58 IST

Yahoo data theft: 10 steps to protect your online identity

Now that email service provider Yahoo! has acknowledged that at least 500 million accounts of its users were hacked by a 'state-sponsored actor', it is about time to firewall/protect your online data against such organised hacks.

Listed here are 10 simple steps that every online user must take to prevent theft of their online identity and vital information like user IDs and passwords.

Illustration: Uttam Ghosh/Rediff.com

1. Unique passwords for every website

Be it ordering your favourite items or be it a hot meal, creating an account and securing it with a password has become a norm in the world of e-commerce. Many people commit the big mistake of using the same password in various websites in order to remember them easily.

This exposes their account to data breaches.

Invasive softwares like viruses, worms and keyloggers have been around since decades.

Keeping a unique password for every account is the wise thing to do.

Users can avail the services of password managers like Keepass to save and even generate unique and robust passwords for convenience.

2. Enabling two-factor authentication

Securing your precious account with just a password is passe.

Further securing the all important information at risk by a two-step verification is one of the best ways to obtain protection against remote attacks.

Users who have enabled two factor authentication will be asked for a second password which is usually pushed in the form of text via SMS or even an automated voice call to complete the authentication.

Google's mail service and many banks and credit card companies, for example, provide this security feature.

3. Comprehensive anti-virus and anti-malware software combo

Keeping the prying hackers' attempts away by securing the system is a tried and tested solution. Any malicious software like Keylogger, Trojan etc make a log of the user's activities on the system and secretly mail this information back to the hacker.

A two-pronged approach of installing an effective anti-virus along with a robust anti-malware software is a sure-shot way to obtain a high degree of protection.

Various operating systems have been providing a decent firewall since quite some time, so these two act as another layer of protection in addition to a robust OS.

4. Restricting flow of information on social media websites

We live in times where people are crazy about sharing just about anything online, and quickly at that. Be it the impromptu selfie, impending plans, or creating that album of pictures taken during the holiday trip.

The accompanying text information can look innocuous, but for trained eyes, this may be a gold mine of raw data.

Hackers can harness information from this data, which may have been mentioned inadvertently.

Users ought to make sure that such information is kept to the bare minimum.

5. Timely recycling of passwords

Keeping a good password is half the battle won. The password can still be guessed, seen, or harnessed due to lax security measures.

To keep changing the passwords every few months is a good habit, and even though it may sound tedious, the effort is surely rewarding in the longer run.

6. Downloading software from reliable sources only

Installation of software is inevitable in today's times. Softwares are installed to accomplish profession-related tasks, for entertainment, or even as anti-virus/malware software.

It is of utmost importance that the software are obtained from reliable sources only.

Any installation file infected with malware will wreak havoc, as these installations are generally approved and given all kinds of permissions by the users, making the tasks of piggybacking malware a cake walk.

7. Conducting online shopping only via reputable websites.

That extra discount may sound very tempting, but the newly appeared site may well be out there to collect the all important username password combination needed to accomplish the financial transaction.

Even legitimate websites should be double checked to ensure that they have adequate measures deployed to keep your critical information safe.

An e-wallet may well go up in smoke if the security steps have not been taken by the website.

8. Beware of phishing websites and attempts

A phishing activity is described as one to grab hold of a user's information ranging not only from username and password, but also actual name, address, date of birth, social security numbers etc.

The information thus obtained can be used to either directly crack a password, or guess it, or even via a brute force attack may be pressed into action.

Unless such information is being asked in person, or coming through legitimate channels, users should not only steer clear but should also inform the concerned authorities.

9. Using secure Wi-Fi connection

Too many times users have accessed their sensitive information while using a public Wi-Fi.

Such access while accessing public Wi-Fi hotspots is a strict no.

While free internet is tempting, it becomes too easy for hackers to sniff out the passwords via such public internet connections by using specialised software.

Even the home connections should be secured with a password and the routers should be chosen based on a robust security system like WPA/WPA2 etc.

10. Say no to automatic login feature

Convenience is definitely on our minds when we are making transactions online. But saving the login credentials on the system is clearly asking for trouble.

Such saved information can be accessed by another user accessing the terminal/device.

Additionally, logging off the system, or locking the computer before leaving it is a good habit to develop.

Himanshu Juneja