Read The Times Australia

Daily Bulletin

Will the hack of 500 million Yahoo accounts get everyone to protect their passwords?

  • Written by: David Glance, Director of UWA Centre for Software Practice, University of Western Australia
image

Yahoo has confirmed that account information of around 500 million users was stolen by hackers in 2014. This hack, which Yahoo blamed on a foreign “state-sponsored actor”, could have been part of, or following on from, an earlier breach in 2012 in which 450,000 accounts were compromised.

Other than the immediate concern of a password being compromised, there is additional information that was stolen such as the answer to security challenge questions, phone numbers, linked email addresses and dates of birth.

The latest hack is the latest in a regular succession of incidents with large organisations in which account information has been stolen and compromised. And this is only the times when specific organisations have lost large scale numbers of user account information. The everyday compromise of accounts and passwords through malware and phishing attacks is ongoing and persistent.

Given how hard it has been to keep passwords secure, companies have been looking at alternative approaches. Ironically enough, given the poor security that lead to the loss of 500 million accounts, Yahoo is one of the companies that has introduced technology that has tried to do just that.

In 2015, Yahoo introduced a service called Account Key. Account Key works by using push notifications to a Yahoo app on your mobile phone that will pop up a screen asking whether you are trying to sign in to another Yahoo app anywhere else. It will then provide an key consisting of letters that you type into the login window of the other app.

Other than the initial setting up of Account Key, you don’t need to use a password again. Google has been experimenting with a similar system and right now, the Google app can be used as the second factor in 2 factor authentication.

This type of password-less login is different from 2 factor authentication which is another approach to add protection to the use of a password. In 2 factor authentication, which you can use on Apple iCloud, Google, Facebook and other accounts (including Yahoo), users still use a password but also use an app on their phone to provide an access key that is available for a limited time when a user logs in. 2 factor authentication works on the principle of using “something you know”, i.e. your password, and “something you own”, i.e. your phone.

Apple and others have been introducing biometrics to act in the place of passwords and pins on apps on iPhone and Android phones. The fingerprint sensor on iPhones and phones like the Samsung Galaxy range of phones can be used to access many apps. Whilst this is convenient, it doesn’t replace passwords or pins entirely because these are still needed periodically and so theoretically passwords could still be compromised if the system, or its data, was accessed.

Likewise Apple’s new feature on MacOS Sierra whereby an Apple Mac can be unlocked automatically using an owner’s Apple Watch. Again, a password is still needed for the system, the Apple Watch just becomes a convenience feature to access the system quickly when in regular use.

2 factor authentication is still by far the safest way to protect against hackers getting access to a system even if they have managed to get a password. If accounts from Google and Facebook are being used to authorise access to other apps, it becomes even more important that these accounts in particular are protected. Even though Google’s and Facebook’s security is considered to be very good, the security of the system doesn’t protect an individual’s account details from being compromised through a targeted attack like phishing.

Yahoo has managed to dispense with passwords but the system does rely on the user having access to their phone, having a working network and that phone itself having security applied to it. Also, because the Yahoo mail app for example is always logged in, in order to provide Access Keys, anyone getting access to the unlocked phone can get access to a user’s Yahoo Access Keys. Even with 2 factor authentication, keeping the phone protected becomes critical because if it is lost, it could provide the person who has it with the means to reset passwords and get access to all accounts it is protecting.

The advice to anyone still using Yahoo (which by now must be a rapidly diminishing number) has been to switch to 2 factor authentication, or use Google instead.

Authors: David Glance, Director of UWA Centre for Software Practice, University of Western Australia

Read more http://theconversation.com/will-the-hack-of-500-million-yahoo-accounts-get-everyone-to-protect-their-passwords-65987

Business News

When Should You Speak to a Lawyer About a Legal Issue?

Legal issues can begin with a simple question, then become harder to manage once formal steps are involved. Many people wait until a matter feels urgent before seeking guidance, even though earlier ...

Daily Bulletin - avatar Daily Bulletin

The strategic rise of Bali as Australia’s next essential healthcare support hub

As Australian healthcare providers grapple with unprecedented operational bottlenecks, a new nearshore model is quietly transforming patient care delivery. Forward-thinking organisations,  including...

Daily Bulletin - avatar Daily Bulletin

Cost Savings and Benefits of Using Used Pallets in Logistics

In today’s competitive logistics and supply chain industry, businesses are constantly looking for ways to reduce operational costs without compromising efficiency and reliability. One of the most prac...

Daily Bulletin - avatar Daily Bulletin

How Fulfilment Services in Australia Help Businesses Scale Efficiently

The growth of e-commerce and modern retail has transformed customer expectations. Consumers now expect fast shipping, accurate order processing, and seamless delivery experiences regardless of where...

Daily Bulletin - avatar Daily Bulletin

Practical Ways Australian Workplaces Can Reduce Operating Costs

Reducing business costs doesn’t always mean cutting staff, shrinking services or making the workplace feel bare-bones. In many cases, the smarter savings are hiding in everyday operations: the light...

Daily Bulletin - avatar Daily Bulletin

Executive Recruitment Solutions That Help Organisations Secure Exceptional Leaders

Leadership has a direct impact on organisational performance, employee engagement, strategic growth, and long-term success. Businesses operating in increasingly competitive environments require experi...

Daily Bulletin - avatar Daily Bulletin

Why A WooCommerce Website Designer Matters For Online Growth

Running an online store today requires more than simply listing products and waiting for customers to arrive. Businesses need a website that is fast, reliable, easy to navigate, and designed to suppor...

Daily Bulletin - avatar Daily Bulletin

Turning Your Empty Tables into Revenue

The rise of AI demand tools in hospitality, the EatClub–CommBank partnership, and seven trends reshaping Australian dining  A growing number of Australian venues are turning to AI-powered demand mana...

Daily Bulletin - avatar Daily Bulletin

High-Impact Dental Marketing Strategies That Are Driving Real Practice Growth Today

The landscape of dental practice growth in Australia has shifted dramatically over recent years. Standard, broad-spectrum advertising campaigns no longer yield the return on investment they once did. ...

Daily Bulletin - avatar Daily Bulletin

The Daily Magazine

DIY Rodent Control Vs Professional Help: When Is It Time To Call The Experts?

Rodents are one of the most frustrating pest problems for Australian property owners. Rats and mic...

Lighting Shop in Perth: How The Right Lighting Can Transform Your Home And Business

The right lighting can completely change the look, feel, and functionality of any space. Whether it ...

Traffic Light System Solutions For Safer And More Efficient Traffic Management

Modern cities and growing communities rely heavily on effective traffic management to ensure safety...

Gold Migration Lawyers in Liquidation: How the Closure Affects Your ART Appeal

If your appeal was with Gold Migration Lawyers, a recent change to how the Tribunal decides cases ...

The pressure cooker: life in urban Australia in 2026

Australian cities have always been demanding. Long commutes, rising housing costs, busy schedules a...

What Actually Makes a Good Criminal Lawyer in Melbourne

Most people only think about this question once. That is usually too late. Most people charged wi...

Why Working With A Chatswood Tutor Can Improve Academic Performance

Academic expectations continue increasing for students across primary school, high school, and senio...

Is It Worth Getting Solar Panels in Melbourne?

The real question is not whether solar works in Melbourne. It works. The question is what it is co...

How A Diploma Of Project Management Builds Practical Skills For Modern Work Environments

Developing the ability to plan, execute, and deliver outcomes efficiently is a key requirement in to...