Have You Acted After the Biggest Hack Ever?

Last week, the tech company Yahoo confirmed that more than 500 million user accounts were hacked in 2014... one of the biggest data breaches ever.

Real names, e-mail addresses, telephone numbers, dates of birth, security questions, and passwords were all compromised... so not only is your Yahoo e-mail account at risk, so is any other account where you reused usernames or passwords.

One estimate from the Security Research department at the University of Cambridge puts password reuse as high as 49%. That means when a hacker scores a password they can use the same password to gain access to other accounts about half the time.

A more extreme survey conducted by mobile-identity company TeleSign showed that nearly 75% of folks use the same passwords... and many haven't changed their passwords in five years or more. Nearly a quarter of people still use passwords that are more than 10 years old. That's a lot of time to have a password hacked...

And once hackers have a single password, they can potentially use that one account to obtain access to many more of your e-mail accounts, social media accounts, or even your banking and financial details.

You could also see an increase in "phishing e-mails" that try to get you to click on a link that asks for personal information, credit-card numbers, or to log in before viewing a document.

Here's a few things that you can do to make sure you stay safe...

Close old accounts. One problem with the Yahoo hack is that it took more than two years for the company to discover that it had been hacked. And it's only notifying you that your personal information was leaked if you log in to your account.

If your Yahoo account was an old one that you no longer regularly use... you may not even realize that there was a breach – or that any accounts for which you used the same password are now at risk.

Change your passwords... and use better ones. Regular Retirement Millionaire readers may remember that we detailed an entrepreneurial 11-year-old this past December who may have found a way to create "unhackable" passwords...

Mira Modi of New York has started a small business generating passwords by hand and mailing them to her customers. Mira uses an old system of encryption called Diceware. She rolls a certain number of dice and matches the corresponding numbers to preselected words on a master list.

You get six words that are easy for you to remember, but difficult for computers to hack. With each word chosen, you increase your security. A six-word phrase from the 7,776-word list would take 3,505 years to crack (at 1 trillion guesses per second).

Use "two-factor authentication." Two-factor authentication requires your password plus another piece of information – like a code sent to your e-mail or mobile device associated with your account – to log in to a website. I love using this feature.

Many companies – including Google, Apple, Microsoft, and password-managing service LastPass – give you the option of using two-factor authentication, as do many banks, brokerages, and credit-card companies. And Amazon has recently started using it as well.

Tech blog Gizmodo has a guide on how to set up two-factor authentication on some websites. You can read it here.

Create your own security question. Many websites ask extra "security questions" when you register. Like your first pet's name, the color of your first car, or your mother's maiden name. If you ever forget your password, the site can use these questions to verify your identity.

Here's the problem: Instead of protecting your personal account information, they may be doing the exact opposite. The easier a question is to remember, the easier it is for a hacker to guess...

I recommend you create your own question... something that needs a detailed answer that someone can't find online. Or if you can't do that, give unrelated answers.

For example, if the question is "What was the color of your first car," answer with something like "campingmelon" or – even more secure – a random sequence of letters, numbers, and symbols.

If you're not able to remember the answers, you can write them down (just keep the paper secure) or use a password manager like LastPass. LastPass can even generate the answers for you. You can download the free basic program right here.

If you'd like to learn more ways to protect your privacy online, be sure to read The Doctor's Protocol Field Manual. Retirement Millionaire subscribers can read a digital copy of my book immediately right here. I've also put together a full special report specifically on how to maintain your online and "real life" privacy in America, right here.

What We're Reading...

Here's to our health, wealth, and a great retirement,

Dr. David Eifrig and the Retirement Millionaire Daily Research Team
September 28, 2016