Yahoo recently announced it wants people to move away from traditional passwords in favor of Yahoo Account Key, which sends a push notification to your smartphone whenever you want to log in to your Yahoo account on a desktop.
This, in theory, will help reduce the likelihood you’ll have your account hacked since anyone trying to get into your account also has to have your phone.
Use of this new way to sign in without a password will be optional, and it remains to be seen how many people will take advantage. The feature was rolled out first in the Yahoo mail app and will be extended to the company’s other apps later.
Passwords have long been the primary identifier and authenticating tool for online accounts. However, they have proven to be vulnerable as people fail to follow the advice of choosing a unique and complex password, combining small letters, capital letters and symbols, for each of their accounts.
Determined identity thieves have been able to steal passwords by hacking into companies with weak security and stealing massive amounts of data, including passwords. If a person uses the same password for all of their accounts — as many people do — it becomes easy for an identity thief to gain access to multiple accounts, including online banking accounts, through a single data breach in which the victim’s universal password is stolen.
Other times, identity thieves will use password-cracking software that can easily pick out simple passwords by trying billions of combinations. If you have a password that appears in the dictionary or is a simple numerical sequence such as 12345, you are toast.
If any of your financial accounts have been breached, you’ll need to take special care to make sure no one is trying to use credit in your name.
Watch those security questions
Another way that identity thieves gain access to your account is by answering your security question and then changing your password. This is how Sarah Palin’s email account was compromised during the 2008 presidential campaign: the hacker answered her security question of where she met her husband by merely going to Wikipedia and finding out she met him at Wasilla High School in Alaska.
Despite the availability on many accounts of dual-factor authentication, whereby after you enter your password you are sent a one-time code on your smartphone that you must use in order to gain access to your account, many people are resistant to using it, often out of sheer laziness.
How to make your passwords safer
But there is a simple way to make your passwords and security questions safer.
Start off by taking a phrase that is easy to remember, such as “IDon’tLikePasswords.” This can be the basic element of all your passwords. Then, for added security, add a few symbols, so it reads, for example, IDon’tLikePasswords!!!. This is a strong password that is long and combines lowercase and capital letters with symbols. Now all you need to do is to adapt that basic password for each of your accounts to make it unique for each account. For example, you could adapt this for your Amazon account by making it IDon’tLikePasswords!!!Ama. That is a strong password that is easy to remember.
As for your security question, you may think that unlike Palin, the information required to answer a security question about you would not be readily available to an identity thief. Think again. Not only is there a tremendous amount of information about you that can be found on the Internet, but many of us also provide information to identity thieves by posting too much personal information on social media.
Strengthen your security question
So how do you make a strong security question?
You do it through nonsense. Pick a question, like “What is your favorite color?” and make the answer “seven.” No one will be able to guess the answer to this question, and it is so ridiculous that you will remember it.
Passwords and security questions may not be around forever, but they will certainly be the dominant authentication tools for the foreseeable future, and with a little effort, you can make these resistant to the attacks of identity thieves.
Steve Weisman is a lawyer, a professor at Bentley University in Waltham, Massachusetts, author of “Identity Theft Alert” and editor of the blog scamicide.com.