Two-step means that after you log in with your password (as usual) Yahoo will text you a security code, which you'll enter in the next step.
This way, only someone who has in-person access to your phone (you) can access your account -- even if the password entered was correct.
If you haven't changed your password in a few years, do it -- now.
The company says the passwords that hackers stole were encrypted -- scrambled up with a tool called bcrypt.
The hack exposed names, email addresses, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions.
This might sound obvious, but if you're like a lot of people, you might not use Yahoo Mail as your primary email account.
Yahoo has 1 billion monthly active users on its services overall and just 225 million monthly active users for its Yahoo Mail service, according to figures the company gave CNET in June.
Better to leave the account inactive -- but with two-step verification turned on.
That's especially true "when the attacker can make relatively accurate guesses at what the password might be," McDowell said.
That's a high expectation for most normal folks, so instead...
Security questions are often used to verify identity and gain account access, without the help of email verification.
Some security experts go as far as recommending you create random, unique answers to security questions like, "Where was your mother born?" since, often, that information is easy to uncover.