The biggest news of this month, and maybe this year, is Yahoo's confirmation of a data breach that affected 500 million of its users.
For your safety, it's important that you act fast to avoid the inevitable fallout from this confirmed attack.
To secure your Yahoo account and your other accounts, here's what you need to do:
1. Change your Yahoo password now
As advised by Yahoo, if you haven't done so, change your Yahoo account password now, especially if you haven't updated it since 2014.
2. Change your Yahoo secret questions and answers
To do this, sign into your Yahoo account, go to the Account Info page and then, Sign-in and Security.
3. Enable Two-step Verification
After changing your Yahoo password and secret questions, we recommend turning on two-step verification for your Yahoo account.
Two-factor verification will send a security code SMS to your smartphone whenever someone tries to log in to your Yahoo account from an unknown device. This code, together with your password, will add extra layers of security to your account.
To turn this on, go to your Yahoo Account Info page >> Account Security >> Click "Two-step verification" to "On" >> Enter your phone number. Click Send SMS and enter the code supplied by sent text message to verify your number.
4. Set up a Yahoo Account Key
Beyond Two-step Verification, you can also setup a Yahoo Account Key. This will eliminate any need for a password to log in to your Yahoo account. With an Account Key, to sign in to a Yahoo service, you'll just need your username and the sign-in notification sent to your mobile phone. Here are the various ways to do this.
5. Check your other accounts
With major data breaches like this, password reuse attacks will inevitably happen. If you are using the same passwords for multiple accounts, it is important that you review and change them now as well. If you don't know by now, it is bad practice to use the same password across different services.
This is also a good time to review your banking accounts and check for signs of identity theft and fraud.
Furthermore, beware of any phishing attempts that may capitalize on the situation. Carefully scrutinize any emails, texts or calls claiming to be from Yahoo, they might be just fraudulent attempts to steal more of your personal information.
While you're at it, please create strong and unique passwords for every online account you have. A single data breach is all it takes to compromise your multiple online identities.
6. Use a password manager
You can also use a third-party password manager to automatically create unique and complex passwords for you across multiple sites.
We suggest an offline, free password manager, such as Keepass. For further reading about password safety, I wrote about the new way to thwart hackers by using a different sort of password. I detailed the findings in a recent USA Today column. To read and learn more, click here.