500 million Yahoo accounts breached

USA Today has the article "500 million Yahoo accounts breached".

Most consumers might not think there’s much in their Yahoo account that would be of use to hackers, which typically might only include their email and Yahoo password. However, those two bits of information offer multiple uses for ingenious hackers bent on extracting the maximum value from information, say experts.

Of course, this article was not written by a person with any computer security knowledge, so it can be forgiven if it says dumb things. Let us just hope this is a dumb thing invented by the author of the article and not something Yahoo actually does.

Only the most naive, untrained, and untalented software engineer would ever store people’s passwords anywhere on their computer systems or anywhere else in the world. I won’t go into the details, but once Yahoo receives your encrypted password from a form you fill out in your browser and they do what they have to with it, both the encrypted and unencrypted versions of the password should be wiped from existence. Once wiped, Yahoo should have no knowledge of what your password is. That is why they should not be able to send your password to you if you forget it. If any site ever sends your permanent password to you, then you know that they are security idiots.

So the only passwords that a hacker could steal are the ones that users were foolish enough to put in an email or some other document they stored on Yahoo. So let this be a lesson to you. Don’t ever write down your passwords on a piece of paper, or in a computer file, or in an email, or any other analog or digital medium. Also, don’t ever use the same password twice (or more).
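The post says a site should keep no knowledge of your password once it has handled it. A sketch of how a login can still be checked under that constraint, added here as an illustration (not code from the article, from this post's author, or from Yahoo): the server stores only a random salt and a slow one-way verifier. The function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch; not taken from the article or from Yahoo.
ITERATIONS = 600_000
SALT_BYTES = 16


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Slow, salted one-way derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Build what the server stores at sign-up: salt, cost and verifier only."""
    salt = os.urandom(SALT_BYTES)
    return {
        "salt": salt.hex(),
        "iterations": iterations,
        "verifier": _derive(password, salt, iterations).hex(),
    }


def check_password(record: dict, candidate: str) -> bool:
    """Re-derive from the submitted password and compare in constant time."""
    derived = _derive(candidate, bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(derived, bytes.fromhex(record["verifier"]))


def demo() -> dict:
    # Constructed sample data: a hypothetical user table with two accounts
    # that happen to share the same password.
    password = "correct horse battery staple"
    users = {"alice": make_record(password), "bob": make_record(password)}
    return {
        "login_ok": check_password(users["alice"], password),
        "wrong_rejected": not check_password(users["alice"], "Correct horse"),
        "password_in_table": password in repr(users),
        "same_verifier": users["alice"]["verifier"] == users["bob"]["verifier"],
    }


if __name__ == "__main__":
    print(demo())
```

Nothing in the stored record can be mailed back to a user as their password, which is why a site built this way can only offer a reset.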

