Yahoo breach is a reminder to follow password advice

 

October is National Cybersecurity Awareness Month, and as if on cue, Yahoo recently announced that half a billion of its users’ details were stolen in 2014.

“I haven’t used my Yahoo account in years,” you think. “I’m not worried about it.”

But if you’re in the bad habit of using the same password for multiple accounts, you should be, according to Marc Scarborough, chief information security officer for Rice’s Office of Information Technology. Cybercriminals count on that kind of apathy.

Like trying all the keys on a ring to unlock a door, criminals can plug those stolen emails, user names and passwords into other popular service accounts on the chance they’ll hit pay dirt: gathering more information about a user and, possibly, accessing more of their accounts.

Someone who uses the same password for Yahoo, Facebook, Twitter and their bank account could be seriously exposed.

“This is a good reminder not to use the same password everywhere and to use strong passwords,” Scarborough said. “Generally speaking, a password’s strength — its length and complexity — should be directly related to the value of the resource it’s protecting.”

At a minimum, separate work and personal accounts and make sure that critical accounts, like those that access financial or personal data, have the strongest passwords, he said.

What makes a password strong?

  • It has a minimum of 8 characters. A longer password is even better.
  • It includes numbers, symbols and lower and uppercase letters.
  • It isn’t a word in the dictionary.
  • It doesn’t use character substitutions that would otherwise make it a dictionary word, such as substituting “3” for “E” or “5” for “S.”
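The four criteria above can be checked in code. The following is an added example, not part of the original article or any Rice tool: the word list is a constructed sample standing in for a real dictionary, and every substitution pair other than “3” for “E” and “5” for “S” is an assumption.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "sunshine", "princess", "baseball", "elephants"}

# Look-alike substitutions. "3" for "E" and "5" for "S" come from the article;
# the remaining pairs are assumptions added for this example.
SUBSTITUTIONS = str.maketrans(
    {"3": "e", "5": "s", "0": "o", "1": "l", "4": "a", "@": "a", "$": "s", "7": "t"}
)


def normalize(candidate):
    """Lower-case the candidate and undo look-alike substitutions."""
    return candidate.lower().translate(SUBSTITUTIONS)


def check_password(candidate, words=SAMPLE_WORDS, min_length=8):
    """Return the list of criteria the candidate fails (empty list = passes)."""
    failures = []
    if len(candidate) < min_length:
        failures.append("shorter than 8 characters")

    # Each character class from the list must appear at least once.
    classes = {
        "a lowercase letter": string.ascii_lowercase,
        "an uppercase letter": string.ascii_uppercase,
        "a number": string.digits,
        "a symbol": string.punctuation,
    }
    for label, alphabet in classes.items():
        if not any(ch in alphabet for ch in candidate):
            failures.append("missing " + label)

    # Plain dictionary word first, then the same test after undoing substitutions.
    if candidate.lower() in words:
        failures.append("dictionary word")
    elif normalize(candidate) in words:
        failures.append("dictionary word with character substitutions")
    return failures


if __name__ == "__main__":
    for sample in ("password", "P@55w0rd", "3l3phAnt$", "Tq7#vLm2!xRw"):
        print(sample, "->", check_password(sample) or "meets all four criteria")
```

A candidate such as `P@55w0rd` satisfies the length and character-mix rules yet still fails, because undoing the substitutions yields a dictionary word.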

Scarborough also recommends using two-factor authentication whenever possible. Two-factor authentication means the site requires not only a user name and password but also something that the user has — a fingerprint or a code the user is sent when they try to log in.

For more information on setting good passwords and other data security information, visit http://it.rice.edu/security/.

 

 

About Jennifer Evans

Jennifer Evans is a senior editor in Rice's Office of Public Affairs.