[Noisebridge-discuss] email password cracked - what to do?

Seth David Schoen schoen at loyalty.org
Mon Sep 5 19:19:32 UTC 2011


Frantisek Apfelbeck writes:

> Hi there!
> Several email accounts (yahoo) of my friends were compromised in the last few weeks, probably due to the weak access passwords. I wonder if it is enough to log in and set a new stronger password and make sure that the internal info for access to different blogs, bank accounts etc. which could be among the emails is secured = passwords changed etc.
> 
> Is this the right way to go?
> 
> Is there something else to do?

You might also want to consider whether there's some other way that
the passwords were compromised, such as a software keylogger installed
on one of the machines that they use to access these accounts.  And
make sure that the software on the computers they use is being kept
up-to-date.  Ideally, people should avoid typing sensitive
information like passwords on computers whose security they can't
guarantee (like most public computers).

Google is now offering two-factor authentication (which they call
"two-step verification") for Google accounts, if your friends would
consider using Google instead of Yahoo and also accepting less
convenience for greater security.  Or they can ask Yahoo to implement
the same feature.

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

Two-factor authentication is a pretty good defense against keyloggers
because the passwords that the keyloggers can capture won't be
sufficient to log in to the service again later.

-- 
Seth David Schoen <schoen at loyalty.org>      |  No haiku patents
     http://www.loyalty.org/~schoen/        |  means I've no incentive to
  FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150  |        -- Don Marti


