Switch from Yahoo Mail to Gmail, and turn your phone into a physical key

The Yahoo hack figures have been recalculated and indicate that all 3 billion Yahoo accounts were affected by the 2013 breach — the world’s largest breach ever.

What’s a Yahoo Mail user to do? Skedaddle.

The secure thing to do, and the recommendation here, is simple: Ditch your Yahoo Mail account and sign up for a Gmail account with two-step verification.

Here’s how:

Delete your Yahoo! Mail account

First order of business is copying or forwarding your Yahoo emails, saving your Yahoo contacts on your computer, and exporting your Yahoo calendar so that it can be imported to another calendar program.

Then go to the “Terminating your Yahoo Account page.”

You’ll see a Yahoo security note on that page. If you click on it, Yahoo tells you they’ve identified data security issues concerning certain Yahoo user accounts. Oh really? They go on to explain how you can stick with Yahoo Mail and protect yourself. Move on.

Sign up for a Gmail account

Head over to gmail.com, and follow the instructions to sign up for your free Gmail account.

On day one, you should turn on Gmail’s two-step verification.

If you’re already a Gmail user, those instructions explain how to activate two-step verification in your account.

In a nutshell, you’ll have a two-step process for logging into your email. First, you’ll type in your login ID and password. Then you’ll need to type in a second code, which Gmail texts to your mobile phone each time you attempt to log in.

When you do that, a hacker can’t access your email unless they have your phone.

Once you’re signed in, it’s easy to disable the two-step verification for a particular computer and avoid the inconvenience of the extra step each time you log into your email. And you’ll still be protected because anyone else who tries to sign into your account from another computer will need to complete the two-step verification (and they can’t complete step 2 without your phone).

Now, your phone is the physical key to unlock your email account.

Multi-factor authentication

The technical term for Gmail’s two-step verification is multi-factor authentication (MFA), which is a security system that requires something you know (your login ID and password) and something you possess (i.e. your phone) in order to gain access to a device or app.

Google isn’t the only email provider to offer MFA. AOL Mail and the other popular email providers do, as well. Yahoo Mail offers MFA and for anyone stuck on continuing with them, an upgrade to the two-step process is strongly recommended.

Why switch away from Yahoo Mail?

Even with Yahoo Mail’s MFA, switching is the safe bet.

Gmail was among the first to offer more robust authentication and security measures, such as two-step authentication, writes Brian Krebs, on his immensely popular blog Krebs on Security.

The simple logic is that Google is a safer neighborhood than Yahoo for email and social media activity. Google’s been a first mover and innovator when it comes to cybersecurity, and Yahoo’s been a laggard. Plus, Yahoo’s been very slow in responding to hacks on their users.

It’s likely Google will remain ahead of the field in baking the latest security advances into Gmail. If you can back up all of your Yahoo data and make the switch to Gmail, then the question becomes: why not switch?

So, get up and running on Gmail with two-step verification ASAP.

Visit SteveOnCyber.com to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.