Passwords on their death bed? Yahoo!

A billion user accounts have been hacked.
Yahoo was the target of the attack.
Sadly, it was only three months before
When hackers stole 500 million more.

Thieves took phone numbers and addresses
And answers to your security questions.
They took your password in its hashed form
“Change it now”, you have been warned.

But don’t change it just it on Yahoo,
You must make these changes wherever you
Log in and use the services of a site
Or you’ll soon find things aren’t right.

If you use the same password everywhere
And thieves manage to lay your password bare
By birthday-attacking the md5 hash
That once protected your secret stash

The hacker will have the special treat
To post on your Facebook, to Snapchat, to tweet
As if they were really someone who
Had the right to do these things as you.

It’s a sadly preventable situation
That leaks like these cause such devastation.
Passwords simply aren’t sufficient.
Their protection has proven quite deficient.

Through the attack of SQL injection,
Or a simple phishing misdirection
Hackers grab data by the terabyte.
So much, then, for your privacy right.

Yahoo’s reliance on MD5
As if we were living in 1995
Certainly carries much of the blame.
Bad decisions? Just more of the same.

We need more than passwords to protect
Critical data whose loss will effect
Terrible troubles in our work and our finances.
Passwords? I will not be taking my chances.

With two-factor authentication,
Something you know and you have, in combination,
Are used to unlock your online treasure.
This is stronger by every measure.

One in seven American citizens
Are now endangered online denizens.
Yahoo and passwords are doomed to the past.
It’s time to move on now, finally, at last.

About Ray Klump

Associate Dean, College of Aviation, Science, and Technology at Lewis University Director, Master of Science in Information Security Lewis University http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *