The Internet is still reeling from the Heartbleed bug, a recently discovered flaw in the OpenSSL encryption library that many websites, including Yahoo, use to secure Internet data. Today (April 9), Yahoo confirmed to reporters that it had upgraded its OpenSSL to a safe version and fixed the flaw on most of its servers.
You should now change the password on your Yahoo account, as well as any other accounts that use the same username and/or password. You can also check to see whether your Yahoo account was compromised during the almost two years the Heartbleed bug was active, and what to do if the answer is yes.
How to change your Yahoo password
Here's how to change your Yahoo password. If you're already signed in, just skip to number 3.
1. Sign in to your Yahoo account. Go to the Yahoo homepage, www.yahoo.com, and click the "Sign In" button in the upper right.
2. Enter your Yahoo ID (usually your email address) and your password.
3. Click on "Account Settings." You can access this by hovering your mouse over the "Hello [Name]" button in the upper right of the screen. This will make a menu containing the "Account Settings" button appear.This should take you to https://profile.yahoo.com/y/settings/.
4. In the Yahoo Settings page, click on "Account info."
5. Re-enter your password.
6. Under "Sign-In and Security" click "Change your password."
7. Re-enter your old password, then create a new password and enter it where prompted. A good password should be over 20 characters long, contain no actual words and contain numbers, capital letters and punctuation marks. It's not enough to simply replace O's with zeroes and I's with ones, as all but the simplest password-cracking algorithms try these simple substitutions while performing "dictionary" attacks.
If you need help creating a strong but memorable password, try this tip from security expert Bruce Schneier: take a long sentence or phrase and turn it into a password by taking the first letter of each word and replacing some of the letters with numbers or special characters. You could also use a password manager, a piece of software that creates and manages strong, unique passwords for each online account you have. Our sister site Top Ten Reviews has an overview of the best available.
How to check your Yahoo activity log
1. Go back to your Account Info page, and under "Sign-In and Security" click "View your recent sign-in activity."
2. Look through your logs for the following information: Accesses from locations where you don't usually log into Yahoo, and unusual types of access. For example, if you see an access from a mobile device, but you don't use your Yahoo account on a mobile device, that's a warning sign. (Note: the below picture only has two access records because the Yahoo account depicted was created for the purposes of this article).
What to do if you think you've been compromised
If you see some suspicious activity on your access logs, there are a few things you can do.
1. Contact Yahoo's customer care by going to help.yahoo.com and clicking "Contact Customer Care" on the right side of the screen.
In the meantime, here are some things you can do to strengthen your account security.
2. Turn on two-step verification by going back to the Account Info page and clicking "Set up your second sign-in verification."
3. Change your security questions by going back to the Account Info page and clicking "Update password-reset info." If you have other backup info, such as a mobile number or alternate email address you might not have the option of choosing a security question.
3. Make sure you're saving your sent emails. That way you can see a record of any emails sent using your account.
You can also check Yahoo's guide for securing a hacked account for more tips and how-tos.