Did you know October is National Cyber Security Awareness month? Tech+ knows. That’s why this month’s Q&As are dedicated to security — with help from Denver’s local security community.
Q: Because of the Yahoo breach, I immediately changed my password. I also wanted to change my security questions as well. I looked on the help page for Yahoo and the Yahoo community, but I couldn’t find anything helpful. Also, there is no way to contact Yahoo customer support (maybe others could do it, but I couldn’t). I deleted my security questions, hoping that I could add back new security answers. I couldn’t add back new security answers. Can you help me out with this? In the meantime, I set up 2-way authentication. Is this the only option available to Yahoo group users? — Jan Lundeen
Tech+ It’s been a rough few months for Yahoo as the once-mighty brand publicly acknowledged that hackers stole the credentials of 500 million users. Yahoo has extensive answers on its help pages, at help.yahoo.com, but don’t try calling for help. Yahoo says it has no customer-service phone number — and if you think you called Yahoo, you didn’t. You called a fake number.
For better or worse, Yahoo doesn’t want you to have security questions anymore either. And that makes sense. You may have changed your password, but your security questions may be the same for many sites. Yahoo wants you to disable them. (To disable your security questions, go to account settings, click “Account Security,” then “Disable security questions” and follow the instructions).
Instead, Yahoo wants users to switch to an Account Key, a form of two-factor authentication. You must link a cellphone number to your account. From then on, anytime you try to log into Yahoo, the service will text your phone a 4-digit code that you must type into Yahoo as a temporary password. Steps are listed at dpo.st/yahookey.
As while it may be hard to trust Yahoo, security experts agree that two-factor authentication, which requires two ways to get into an account, is the way to go.
“2FA, as it’s commonly abbreviated, adds an extra step to your basic log-in procedure, something beyond your username and password,” said Chris Richter, senior vice president of global security services at Level 3 Communications.
Beyond e-mail, consumers can still use 2FA for various accounts. Richter suggests checking out twofactorauth.org to see which websites offer 2FA and which don’t.
“Generally, it is pretty easy to set up 2FA by visiting the settings section of your account and clicking on security and privacy. Instead of labeling the function as 2FA, some companies label it ‘login verification.’ Either way, you will be prompted to enter a code after your password,” he said. “Ultimately, good password hygiene is key. Update your passwords every 90 days, don’t re-use passwords for multiple accounts and think of them as a passphrase, rather than a simple word.”
See past Tech+ answers or ask your own tech question at dpo.st/mailbag. If you’re e-mailing your question, please add “Mailbag” to the subject line.
