How To Protect Your Yahoo Mail Against Hackers


Almost three weeks after we first reported on Yahoo’s inability to protect its customers from being hacked, it seems that the email provider is no closer to coming up with an effective solution – or even admitting that it has a problem in the first place.

You can read my original post on the subject here, but the short story is that Russian hackers have employed a technique that exploits a cross-site scripting (XSS) vulnerability to hack thousands of Yahoo mail accounts over the last few months. Once compromised, the accounts are then used to distribute spam messages advertising a “get rich quick” scheme to every contact in the hacked account’s address book.

The attacks were first reported in January, and though Yahoo claimed to have fixed the vulnerability shortly afterwards, similar hacks were reported in March and then again in April, leading to serious concerns and doubts over Yahoo’s ability to protect its customers. Even worse, after first acknowledging the problem, Yahoo now appears to be ignoring it altogether – I have made several attempts to contact the company through various sources for a comment, so far to no avail.

With Yahoo seemingly unwilling, or more likely, unable to help its customers, many users have been asking me for advice on what they can do to better protect their accounts. The situation isn’t helped by the apparent lack of any advanced security settings option within Yahoo Mail itself, but through a little digging around I have been able to come up with some suggestions.

Three Steps To Secure Yahoo Mail (Sort Of)


Choose a SECURE password:

This cannot be emphasized enough. Do not choose a password that could be easy for anyone to guess. Ideally, you should let a secure password manager choose one for you; RoboForm and KeePassX are good choices, as these will generate a password that’s far more difficult for hackers to crack. However, if you must choose your password by yourself, be sure not to go for anything obvious. Do not use any recognizable word, or even something that’s not a word but can still be pronounced. Instead, choose a random string of numbers, letters, and other characters, and be sure to change your password REGULARLY (like, once a month).

Don’t Answer Security Questions Truthfully:

When Vice-President hopeful Sarah Palin’s email account was famously hacked back in 2009, the hacker gained access simply by performing a Google search to find the answer to the question “where did you meet your spouse?”. What with most of us having Facebook and other social media accounts these days, and in many cases having our personal details plastered all over our company websites, it’s all too easy for hackers to find the answers to basic questions about you, which are often the same kinds of questions that Yahoo Mail will ask. So instead of entering your real school or mother’s maiden name, choose a totally random answer instead.

Use Two-Step Verification:

Most people probably don’t realize, but Yahoo now offers two-step authentication. Unfortunately, its bizarre decision not to include security settings within Yahoo Mail itself means that few people actually know where to find it or how to set it up. It’s not at all easy to find, but after some considerable effort I did eventually manage to track down the relevant page, and discovered that you can set up Second Sign-In Verification here (you’ll need to verify your password again). Once enabled, any time you’re prompted to enter your Yahoo password from an unrecognized device, you’ll also be asked to enter a code that’s sent to your phone via SMS, or alternatively answer a security question.
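The first two steps, a random password and made-up security answers, can be sketched in a few lines of Python. This is an added example, not something from Yahoo or from the password managers named above; the function names and the sample questions are assumptions made for illustration.

```python
import math
import secrets
import string

# Alphabet for the "random string of numbers, letters, and other characters".
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)


def generate_password(length=20):
    """Return a uniformly random password containing every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: retry instead of patching characters in,
        # so every accepted password stays equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy for a uniformly random string."""
    return length * math.log2(alphabet_size)


def random_security_answers(questions, nbytes=12):
    """Map each security question to an unrelated random answer.

    The answers are meaningless, so they must be stored (for example in the
    password manager entry) or account recovery will fail.
    """
    return {q: secrets.token_urlsafe(nbytes) for q in questions}


if __name__ == "__main__":
    # Constructed sample questions, not copied from Yahoo's actual list.
    sample = ["Where did you meet your spouse?", "Mother's maiden name?"]
    print(generate_password(), f"(~{entropy_bits(20):.0f} bits)")
    for question, answer in random_security_answers(sample).items():
        print(f"{question} -> {answer}")
```

A 20-character password from this 94-symbol alphabet carries roughly 131 bits of entropy, far beyond anything a person would pick by hand.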

By following these three steps you’ll be doing just about everything you can to protect your account from being hacked. Of course, in cases where cybercriminals appear to be using highly sophisticated techniques (as Yahoo’s Russian hackers appear to do), even these steps may not be enough. In that case, I’d suggest giving serious consideration to ditching Yahoo for good, and signing up for Gmail,, or better still, an encrypted email provider such as

Mike Wheatley

Mike Wheatley is a senior staff writer at SiliconANGLE. He loves to write about Big Data and the Internet of Things, and explore how these technologies are evolving and helping businesses to become more agile.

Before joining SiliconANGLE, Mike was an editor at Argophilia Travel News, an occasional contributor to The Epoch Times, and has also dabbled in SEO and social media marketing. He usually bases himself in Bangkok, Thailand, though he can often be found roaming through the jungles or chilling on a beach.



  1. My Yahoo email password has been locked for a long time. What can I do to get it back?

  2. Yahoo Mail has a serious problem. From 17th March 2013 I have had a serious problem with them and cannot get in touch with their customer care. My whole Email address has been compromised. They have become so big that they could not care a damn anymore. I get messages stating that the Email address does not exist, but I had it for about 5 years. I never had any other Email address besides Yahoo ( ), then I opened another Email address and now I cannot compose on that one; when I go into it, I get a whole lot of paraphernalia to go through which never ends. A person cannot even reply to their Emails. I hope THEY ARE GOING TO GET THIS.

  3. These pages, like all internet pages that come out of the garbage dump of the world, America, are criminal. Be careful how you use them, and if you do not protect yourselves, these scum of the world will even know how many times a day you go to the toilet.
