
Yahoo Mail and Heartbleed: How to Secure Your Account

Source: Tom's Guide US

The Internet is still reeling from the Heartbleed bug, a recently discovered flaw in the OpenSSL encryption library that many websites, including Yahoo, use to secure Internet data. Today (April 9), Yahoo confirmed to reporters that it had upgraded its OpenSSL to a safe version and fixed the flaw on most of its servers.

You should now change the password on your Yahoo account, as well as any other accounts that use the same username and/or password. You can also check to see whether your Yahoo account was compromised during the almost two years the Heartbleed bug was active, and what to do if the answer is yes.


How to change your Yahoo password

Here's how to change your Yahoo password. If you're already signed in, just skip to number 3.

1. Sign in to your Yahoo account. Go to the Yahoo homepage, www.yahoo.com, and click the "Sign In" button in the upper right.

2. Enter your Yahoo ID (usually your email address) and your password.

3. Click on "Account Settings." You can access this by hovering your mouse over the "Hello [Name]" button in the upper right of the screen, which opens a menu containing the "Account Settings" button. This should take you to https://profile.yahoo.com/y/settings/.

4. In the Yahoo Settings page, click on "Account info."

5. Re-enter your password.


6. Under "Sign-In and Security" click "Change your password."

7. Re-enter your old password, then create a new password and enter it where prompted. A good password should be over 20 characters long, contain no actual words and contain numbers, capital letters and punctuation marks. It's not enough to simply replace O's with zeroes and I's with ones, as all but the simplest password-cracking algorithms try these simple substitutions while performing "dictionary" attacks.
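The point in step 7 about substitutions can be checked mechanically. The following is an added example, not part of the original article: it tests a candidate password against the step 7 criteria and undoes common look-alike substitutions before looking for dictionary words. The word list, substitution table, function names and sample passwords are all constructed for illustration.

```python
import string

# Constructed sample word list; a real check would load a large dictionary
# (assumption: any local word list would take its place).
SAMPLE_WORDS = {"password", "yahoo", "monkey", "dragon", "letmein", "sunshine"}

# Common look-alike substitutions, mapped back to the letters they imitate.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password):
    """Lowercase the password and undo simple character substitutions."""
    return password.lower().translate(LEET)


def dictionary_hits(password, words=SAMPLE_WORDS):
    """Return the dictionary words found in the normalized password."""
    plain = normalize(password)
    return sorted(w for w in words if w in plain)


def check_password(password, words=SAMPLE_WORDS):
    """Return the list of step 7 criteria that the password fails."""
    problems = []
    if len(password) <= 20:
        problems.append("not over 20 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c.isupper() for c in password):
        problems.append("no capital letters")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation marks")
    hits = dictionary_hits(password, words)
    if hits:
        problems.append("contains dictionary words: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ["P4ssw0rd!", "Y4h00-P@$$w0rd-Sunsh1ne-2014",
                      "Tq7#vLm2&Rz9!pXw4$Gh8@Kd"]:
        print(candidate, "->", check_password(candidate) or "meets the criteria")
```

The second sample is long and mixes character classes, yet it still fails because every substitution maps straight back to a dictionary word.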

If you need help creating a strong but memorable password, try this tip from security expert Bruce Schneier: take a long sentence or phrase and turn it into a password by taking the first letter of each word and replacing some of the letters with numbers or special characters. You could also use a password manager, a piece of software that creates and manages strong, unique passwords for each online account you have. Our sister site Top Ten Reviews has an overview of the best available.

How to check your Yahoo activity log

1. Go back to your Account Info page, and under "Sign-In and Security" click "View your recent sign-in activity."

2. Look through your logs for the following information: Accesses from locations where you don't usually log into Yahoo, and unusual types of access. For example, if you see an access from a mobile device, but you don't use your Yahoo account on a mobile device, that's a warning sign. (Note: the below picture only has two access records because the Yahoo account depicted was created for the purposes of this article).

What to do if you think you've been compromised

If you see some suspicious activity on your access logs, there are a few things you can do.

1. Contact Yahoo's customer care by going to help.yahoo.com and clicking "Contact Customer Care" on the right side of the screen.

In the meantime, here are some things you can do to strengthen your account security.

2. Turn on two-step verification by going back to the Account Info page and clicking "Set up your second sign-in verification."


3. Change your security questions by going back to the Account Info page and clicking "Update password-reset info." If you have other backup info, such as a mobile number or alternate email address, you might not have the option of choosing a security question.

4. Make sure you're saving your sent emails. That way you can see a record of any emails sent using your account.

You can also check Yahoo's guide for securing a hacked account for more tips and how-tos.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

Discuss
    hsmme , April 9, 2014 4:03 PM
    Thank you for your article. I don't use Yahoo mail, but I do use YahooGroups. How does this affect it? I'm assuming the same, but is there a way to determine if it was part of the vulnerability or to assess if there was unauthorized access as with the Yahoo mail?
    andyetanotheraccount , April 9, 2014 11:15 PM
    In your article, you state at the beginning "today (April 9), Yahoo confirmed to reporters that it had upgraded its OpenSSL to a safe version and fixed the flaw on most of its servers." Can you please cite your source for this? I can't find confirmation of this, most reports on the internet still list Yahoo! as vulnerable...
    Paul Wagenseil , April 11, 2014 7:19 AM
    A Yahoo representative emailed Tom's Guide to say that the company's servers had mostly been patched. As far as we can tell, Yahoo has released no public statement to that effect, nor advised its users to update their passwords. But we think all Yahoo users should update their passwords immediately, and also change those passwords if they were used for any other site or service.
    frankblank , April 11, 2014 1:47 PM
    It's April 11. On my Yahoo account, no option to "view your recent sign in activity."