GASP! Shocking news (not) from Yahoo that there has been a massive data breach, with over 200 million user passwords and other personal information being sold on the ‘dark web’. Before I go into the things you should do in the event you are affected, or even if you think you are – I think this would be a good time for me to say (write) these three words: ‘ZERO-KNOWLEDGE SYSTEMS’. They are out there, they do exist and they are worth it.
Now, with that out of the way, there are some things you should do immediately if you feel you have been compromised.
Now, most security experts and Yahoo itself will tell you to sign up for two-factor authentication as it adds a layer of protection to your login process. However, I do not use two-factor authentication if it requires sending an SMS to my phone. Mobile devices are inherently insecure and can be “socially engineered out of your control”. SMS messages, in particular, are especially vulnerable. For this reason, I personally would say no to two-factor authentication IF it is provided through your mobile network. I am sure some will say that is bad advice, but I cannot say I really care – I am speaking from experience here. There are other two-factor authentication types, for example an RSA token, that don’t require communication between two computers. It is far more effective and secure – although it is also less convenient, which is why it is not instituted by corporate companies.
Again, let me just say that Zero-Knowledge Systems that offer end-to-end encryption are the way to go. If Yahoo offered that with the email services, 200 million people wouldn’t have had their personal data stolen. On that note, if you are interested in using a Zero-Knowledge System email, I would personally recommend Tutanota.