Yahoo Confirms Leak of 400,000 Passwords


Hey! I have a yahoo email address. What's wrong with that? At least it's not AOL.
I have a yahoo account solely because it is required to have one in order to have a Flickr account, which nonetheless is a different account and password -- but you have to go through the Yahoo login first. Since I have to do this about once every two years, I forget my Yahoo password every single time. Yahoo sucks donkey balls.
@2, Flickr user here too. I also don't remember my yahoo password and I didn't write it down which I normally do.
Long have I waited for an opportunity to announce I have a robot assign big long passwords for all these different sites now. It remembers them all for me - if I forget the master password for my robot I am hosed.
Ha ha ha! It's 20(number)! You still use (service)?
The thing is, nobody's password ever gets cracked by repeated guessing. Sites just shut you down after enough guesses to get anywhere close. Passwords get taken in one of three ways - they either trick you into telling them your password by phishing, they install a key-logger on your computer, or they hack the site that has your password like somebody did to Yahoo. Having a complicated-to-guess password like had8458?!?usdig won't do anything at all to protect you.
Also still have Yahoo for Flickr, with the same password (until about 5 minutes from now) that I used to create one in like... 1998. Yep, changing.
1Password, y'all.
It warms my heart to see ninja so high up on the list.


My password is NOT ninja! Nope. Definitely not that.

Glad we got that cleared up (phew...close one.)
I have email accounts with all the major, generic services (hotmail, yahoo, gmail, etc.).

None are better or worse than others. They all get some spam, none more or less than others. They all function almost identically to each other.

People who say "You still use yahoo/hotmail/whatever?! Dude that's so old! Don't you know all the cool kids use gmail now?!" are only fooling themselves.
Yes, @7 & 11. This snooty disdain for whatever webmail system is all very amusing.

Perhaps, but one thing that does help is not using the same password for every account.
actually, it's 450,000 accounts, but a lot were obvious dupes used by the same person.

D3474 continues to be a secure password ...
Don't all the cool kids have their own domains?
The real question is what percentage of the accounts with a password like 123456 were used once and thrown away.
When gmail stops sucking so bad, and allows me to multi-task more then I'll switch. So, I'll probably have a yahoo account until google absorbs it.
@7 - You're making a big assumption that sites are implementing something that would shut down repeated guesses. That's not true. Most sites will happily let you guess until the cows come home, but more importantly, will let a robot guess until the robot cows come home.

It's absolutely more secure to have a hard to guess password. But it's more secure to use different passwords on different sites (that don't follow a guessable pattern). Your password is only as secure as the crappiest site you've used it on.

And for everyone else: YAHOO?!?!? HAH HA HAH AHAHA/
I'm pretty sure most of the people with the terrible passwords are people who don't care if someone guesses their password.

I'd be interested to hear the names on the attached email addresses. How many "Homer Simpson"s are there?
19, I thought that too. I have two e-mail accounts. One is for personal/legitimate stuff, the other is for all the forums, websites, and all of that other junk I have to register for (including this one).