In case you needed another reason for regularly changing your passwords, the recently-uncovered Yahoo hack of 500 million accounts is probably the reason of the decade so far. The hack and subsequent data theft involving half a billion Yahoo accounts is the largest of its kind – ever. Granted, it is Yahoo, where most people don’t send or store any sensitive data like payment card information (PCI) or other personally-identifiable or compromising information anyway, but it’s the principle of the thing. The Web-based giant has confirmed that the hacked information includes:
Yahoo is alleging that the massive data breach “didn’t include unprotected passwords, payment card data, or bank account information.” The popular search engine and email host denies that it stores any payment card or bank account information in its database. And, although it blames a “state-sponsored actor” for the cyberattack (apparently from Russia, according to Yahoo and US intelligence officials), the fact remains that Yahoo allowed a hack of epic proportions to happen on its servers and domains, making the practical point clear to all of us: “Change and encrypt your passwords regularly.”
The Yahoo hack resembles previous data breaches of huge Web-based giants like LinkedIn, Tumblr, and Adobe, as well as healthcare facility hacks where Ukrainian hackers claimed responsibility for at least one of them. This latest and biggest hack ever is so disconcerting, because the cyber breach occurred a full two years earlier. It repeats a pattern we have seen in these cybercrime cases where we don’t learn of the data thefts until well after they have happened. And, it’s also disconcerting for another glaring reason: Yahoo failed to inform its users of the hack and suggest a password reset in August 2016 when the news was first made public.
The Password-Changing Argument
There is great debate amongst white hat hackers and IT specialists on whether regular password changes are a good thing or not. The argument for seems to stem from situations like the Yahoo hack – basically, the “change when urgently required” rule. Studies have shown that routine password changes of every few months appear only to frustrate office staff, with new passwords only being variations on old ones anyway, and written on sticky notes attached to monitors, which defeats the purpose of safety. But, the pro-password change argument remains in serious cases like data breaches involving half a billion accounts.
Basically, no one’s data is 100% safe online, even when supposedly protected over secure servers and databases. Too-frequent password changing may be just as risky as never changing them, so a happy medium here is prudent. A good rule of thumb is to stick with one hard-to-decrypt password, maybe alter a number or letter here and there, and never share any financial or personally-compromising information on unsecured channels of communication.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.