It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.

On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused
wrote:

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.

The problem might be, if you do not know your password (it is stored
on the PC) you can't change it.

On Sun, 25 Sep 2016 12:47:12 -0400
wrote:

On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused
wrote:

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so
since 2014. How can I tell when my password was last changed? I
don't keep a record of that.

How difficult is it change passwords? I routinely change mine every
six months or so. Just change it and move on.

The problem might be, if you do not know your password (it is stored
on the PC) you can't change it.

http://www.lostpassword.com/asterisk.htm

On 9/25/2016 12:14 PM, Unquestionably Confused wrote:


How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.


Why? If it has been working, what makes it more vulnerable with time?
What makes a new password more secure than an old one? Maybe the new
one is easier to crack.

Given the number of web sites I use it would be an all day job to change
them all.

On 9/25/2016 11:47 AM, wrote:
On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused
wrote:

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.

The problem might be, if you do not know your password (it is stored
on the PC) you can't change it.


If that's his problem, perhaps he shouldn't be on the computer. Under
your theory, he has his password stored and doesn't "remember" it.

That's fine. It will still allow him to log on and once logged in,
Yahoo does NOT require the entry of one's password a second time in
order to change passwords. You merely enter your new password, confirm
it and you're done until the next time.

On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

On Sun, 25 Sep 2016 12:51:44 -0400, burfordTjustice
wrote:

On Sun, 25 Sep 2016 12:47:12 -0400
wrote:

On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused
wrote:

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so
since 2014. How can I tell when my password was last changed? I
don't keep a record of that.

How difficult is it change passwords? I routinely change mine every
six months or so. Just change it and move on.

The problem might be, if you do not know your password (it is stored
on the PC) you can't change it.

http://www.lostpassword.com/asterisk.htm

In my case I don't even have my Yahoo password anywhere. I only use it
for one Yahoo group and I just answer the Emailed post. I never
actually log in. I have tried recovering the PW but none of my answers
match what I wrote 17 years ago when I set up the account.

"Ed Pawlowski" wrote

| How difficult is it change passwords? I routinely change mine every six
| months or so. Just change it and move on.
|
|
| Why? If it has been working, what makes it more vulnerable with time?

Did you read about the news? It's a dramatically clear
answer to your question. Yahoo was hacked a couple
of years ago. Chinese hackers might be scanning your
email now, waiting for something like a credit card number
or bank account info, or enough personal info to spoof
your identity. The passwords might have been sold.

The data was stolen by breaking into Yahoo and stealing
their member/password list, not by hacking passwords.
If you changed your password periodically you would have
been protected for most of the last two years.

On 9/25/2016 11:59 AM, Ed Pawlowski wrote:
On 9/25/2016 12:14 PM, Unquestionably Confused wrote:


How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.


Why? If it has been working, what makes it more vulnerable with time?
What makes a new password more secure than an old one? Maybe the new
one is easier to crack.

Given the number of web sites I use it would be an all day job to change
them all.

Think about it, Ed. time has nothing to do with it really. There was a
breach and the password you may have thought to be secure has been leaked.

If your current password is "jTR653ew$*LvfddseZ+" that is a pretty
secure password. However, if there is a data breach on Thursday and
that password and your email account/Yahoo account user name is leaked,
it's worthless. If you change it to "jghfgfd$#cds@--:Y" the day after
the breach (before some hacking AH changes your old one and locks you
out) you are now secure again. (until the next breach)

"Unquestionably Confused" wrote

| If your current password is "jTR653ew$*LvfddseZ+" that is a pretty
| secure password.

I read an interesting article awhile back saying
that one of the best ways to make a password is to
just join 4 words. Cracking algorythms necessarily
look for patterns. Four words is very memorable
to humans, but not a pattern mathematically. For
instance: breadtarmacskatesblot

More memorable, yet still seemingly random,
things could be invented that mean something
only to the inventor. For instance:
ruthdoilyxmasbarnard

For your aunt Ruth who like doilies and invites
the family every Christmas to her house in Barnard.
It's memorable to you but for a computer it's
just 20 random characters.

On Sun, 25 Sep 2016 13:10:52 -0400, "Mayayana"
wrote:

"Ed Pawlowski" wrote

| How difficult is it change passwords? I routinely change mine every six
| months or so. Just change it and move on.
|
|
| Why? If it has been working, what makes it more vulnerable with time?

Did you read about the news? It's a dramatically clear
answer to your question. Yahoo was hacked a couple
of years ago. Chinese hackers might be scanning your
email now, waiting for something like a credit card number
or bank account info, or enough personal info to spoof
your identity. The passwords might have been sold.

The data was stolen by breaking into Yahoo and stealing
their member/password list, not by hacking passwords.
If you changed your password periodically you would have
been protected for most of the last two years.


If they look at my Yahoo account, they are just going to see the spam
in accumulated over the last 17 years because I never used it
I would appreciate them sending me the password tho ;-)

On 25/09/2016 18:26, wrote:
On Sun, 25 Sep 2016 13:10:52 -0400, "Mayayana"
wrote:

"Ed Pawlowski" wrote

| How difficult is it change passwords? I routinely change mine every six
| months or so. Just change it and move on.
|
|
| Why? If it has been working, what makes it more vulnerable with time?

Did you read about the news? It's a dramatically clear
answer to your question. Yahoo was hacked a couple
of years ago. Chinese hackers might be scanning your
email now, waiting for something like a credit card number
or bank account info, or enough personal info to spoof
your identity. The passwords might have been sold.

The data was stolen by breaking into Yahoo and stealing
their member/password list, not by hacking passwords.
If you changed your password periodically you would have
been protected for most of the last two years.


If they look at my Yahoo account, they are just going to see the spam
in accumulated over the last 17 years because I never used it
I would appreciate them sending me the password tho ;-)

Why not save all of your contacts and delete your present Yahoo email
account, then reinstal with a new email name, then send 1 bulk email to
your contacts telling them the new account name.

Ed Pawlowski explained on 9/25/2016 :
On 9/25/2016 12:14 PM, Unquestionably Confused wrote:


How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.


Why? If it has been working, what makes it more vulnerable with time? What
makes a new password more secure than an old one? Maybe the new one is
easier to crack.

Given the number of web sites I use it would be an all day job to change them
all.

Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable
again, so the attacker would have to start over again.

On 9/25/2016 12:25 PM, Mayayana wrote:
"Unquestionably Confused" wrote

| If your current password is "jTR653ew$*LvfddseZ+" that is a pretty
| secure password.

I read an interesting article awhile back saying
that one of the best ways to make a password is to
just join 4 words. Cracking algorythms necessarily
look for patterns. Four words is very memorable
to humans, but not a pattern mathematically. For
instance: breadtarmacskatesblot

More memorable, yet still seemingly random,
things could be invented that mean something
only to the inventor. For instance:
ruthdoilyxmasbarnard

For your aunt Ruth who like doilies and invites
the family every Christmas to her house in Barnard.
It's memorable to you but for a computer it's
just 20 random characters.




Run those through any password strength meter of your choice and you'll
find that they are woefully inadequate

"Unquestionably Confused" wrote

| Run those through any password strength meter of your choice and you'll
| find that they are woefully inadequate
|

No link. No explanation. Did you have a
reason to say that other than impluse or
personal instinct? Here's the source:

http://www.baekdal.com/insights/pass...rity-usability
http://www.baekdal.com/insights/the-...-passwords-faq

You can *seem* to make more obscure passwords
by adding *, !, etc. And you could add those to the 4
words. The author of the articles linked also uses
spaces between words. You could also capitalize some
characters. But as long as the password cracker
assumes those characters are possibilities it will test
for them, so they're no more unique than "a". Menawhile,
you have a 20-character password that you can remember.

On 9/25/2016 1:35 PM, FromTheRafters wrote:


Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable again,
so the attacker would have to start over again.

And your "new" password may be the next one tried and thus cracked. Not
so sure it improves the odds.

On 9/25/2016 1:31 PM, Bod wrote:


Why not save all of your contacts and delete your present Yahoo email
account, then reinstal with a new email name, then send 1 bulk email to
your contacts telling them the new account name.


That would work for your contacts. What about the other 50 accounts you
have for banks, credit cards, auto service, utilities, insurance, and on
and on?

On 25/09/2016 19:29, Ed Pawlowski wrote:
On 9/25/2016 1:31 PM, Bod wrote:


Why not save all of your contacts and delete your present Yahoo email
account, then reinstal with a new email name, then send 1 bulk email to
your contacts telling them the new account name.


That would work for your contacts. What about the other 50 accounts you
have for banks, credit cards, auto service, utilities, insurance, and on
and on?

Assuming that you know the passwords for them all, surely it is worth
that effort for your own security and peace of mind?

On 25/09/2016 19:31, Bod wrote:
On 25/09/2016 19:29, Ed Pawlowski wrote:
On 9/25/2016 1:31 PM, Bod wrote:


Why not save all of your contacts and delete your present Yahoo email
account, then reinstal with a new email name, then send 1 bulk email to
your contacts telling them the new account name.


That would work for your contacts. What about the other 50 accounts you
have for banks, credit cards, auto service, utilities, insurance, and on
and on?

Assuming that you know the passwords for them all, surely it is worth
that effort for your own security and peace of mind?

Forgot to add; create individual passwords for each of em. Just write
them down and keep in a safe place.

Ed Pawlowski wrote on 9/25/2016 :
On 9/25/2016 1:35 PM, FromTheRafters wrote:


Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable again,
so the attacker would have to start over again.

And your "new" password may be the next one tried and thus cracked. Not so
sure it improves the odds.

Sure, but the idea behind exhaustive search is not the same as behind
random tries, it reduces the effective keyspace after each try. If the
entire keyspace can be searched in a year, the average time to break is
six months. If you change the password every three months they may
never hit the mark. This definitely does improve your odds.

On Sun, 25 Sep 2016 19:31:19 +0100, Bod wrote:

On 25/09/2016 19:29, Ed Pawlowski wrote:
On 9/25/2016 1:31 PM, Bod wrote:


Why not save all of your contacts and delete your present Yahoo email
account, then reinstal with a new email name, then send 1 bulk email to
your contacts telling them the new account name.


That would work for your contacts. What about the other 50 accounts you
have for banks, credit cards, auto service, utilities, insurance, and on
and on?

Assuming that you know the passwords for them all, surely it is worth
that effort for your own security and peace of mind?

Changing email address is like moving house, it's virtually impossible. You always forget a lot of important things.

--
I couldn't repair your brakes, so I made your horn louder.

On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

On Sun, 25 Sep 2016 14:29:01 -0400, Ed Pawlowski wrote:

On 9/25/2016 1:31 PM, Bod wrote:


Why not save all of your contacts and delete your present Yahoo email
account, then reinstal with a new email name, then send 1 bulk email to
your contacts telling them the new account name.


That would work for your contacts. What about the other 50 accounts you
have for banks, credit cards, auto service, utilities, insurance, and on
and on?

Hmmmmm, I dont use email for ANY of the things you mentioned. Then again
I dont do online banking, or use my *REAL* credit cards online. (I get
those disposible pre-paid cards for online shopping). For the cost of a
few postage stamps, I'd rather send a check to pay my bills, rather than
risk online identity theft. And I can also use my phone to pay some
bills, for example, I can use a thing where I phone one of my utilities
and they will accept payment from my checking account without an actual
paper check, and no credit card required.

I only use email to chit-chat with friends and relatives, and
occasionally contact a business to ask a question about their products.
So if someone wants to hack into my email, I hope they enjoy reading
about my latest home or car repairs, my findings at rummage sales, my
pets, and my bitching about the weather.

"Taxed and Spent" wrote

| Simple answer: just change it now.
|
| That is a simpleton answer.
|
| Is there anybody who can answer the question I raised?

It's a simple answer for a dumb question. If you
don't know when you last changed your password
then who would? If you think Yahoo does then ask
them. What other possibilities are there?

Or you could just change your password now.
You might also want to consider getting real email
(from your ISP, a paid account, or your own domain)
and not using Yahoo or other freebie webmail.

On 9/25/2016 1:24 PM, Mayayana wrote:
"Unquestionably Confused" wrote

| Run those through any password strength meter of your choice and you'll
| find that they are woefully inadequate
|

No link. No explanation. Did you have a
reason to say that other than impluse or
personal instinct? Here's the source:

http://www.baekdal.com/insights/pass...rity-usability
http://www.baekdal.com/insights/the-...-passwords-faq

You can *seem* to make more obscure passwords
by adding *, !, etc. And you could add those to the 4
words. The author of the articles linked also uses
spaces between words. You could also capitalize some
characters. But as long as the password cracker
assumes those characters are possibilities it will test
for them, so they're no more unique than "a". Menawhile,
you have a 20-character password that you can remember.

I don't doubt that somebody wrote that about passwords, but I don't buy
it and I don't take it as gospel just because somebody did.

I also didn't include a link to password checker simply because my
suggestion was that you run it through any one that you might choose -
and there are plenty.

Here's a couple, so go ahead and give it a try. If you find that these
don't support your position, go ahead and find some more and try them.
Good luck.

http://www.passwordmeter.com/

https://howsecureismypassword.net/

Depending upon which one you use - actually, make that REGARDLESS of
which checker you use - you'll find that simply adding a space between
the words of your pass phrase will dramatically increase the difficulty
of solving.

Then, so long as you're out there trying, try running something like
FU2&es&dye! and see what happens. Or, one of my favorites, something
like "Hgb^7*?/,dPoo" (with or without the quotation marks, tho if you
use the quotes the time frame runs into the trillions of yearsg)

I use a pass phrase similar to what you suggest (but including some
clinkers to increase difficulty) as a Master Password for my password
manager. Trust me when I say that no matter how I check it, my Master
PW will withstand a couple of billion years of hammering with a computer
and the individual passwords for financial accounts and the like will
withstand trillions. I feel that's adequate as I doubt that I'll be
around much more than 15 or 20 years if I'm really luckyg

On 9/25/2016 4:49 PM, Taxed and Spent wrote:
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

To quote Queen Hillary, "What difference does it make [when you last
changed your password (in this context)]?"

There is no penalty for changing your password "too often," the only
risk is not changing it often enough and being sloppy with creating it
and storing it.

You don't need it to change it with Yahoo.

We can explain it to you but we can't understand it for you.g

On Sun, 25 Sep 2016 23:09:40 +0100, wrote:

On Sun, 25 Sep 2016 14:29:01 -0400, Ed Pawlowski wrote:

On 9/25/2016 1:31 PM, Bod wrote:


Why not save all of your contacts and delete your present Yahoo email
account, then reinstal with a new email name, then send 1 bulk email to
your contacts telling them the new account name.


That would work for your contacts. What about the other 50 accounts you
have for banks, credit cards, auto service, utilities, insurance, and on
and on?

Hmmmmm, I dont use email for ANY of the things you mentioned. Then again
I dont do online banking, or use my *REAL* credit cards online. (I get
those disposible pre-paid cards for online shopping). For the cost of a
few postage stamps, I'd rather send a check to pay my bills, rather than
risk online identity theft. And I can also use my phone to pay some
bills, for example, I can use a thing where I phone one of my utilities
and they will accept payment from my checking account without an actual
paper check, and no credit card required.

You worry too much.

I only use email to chit-chat with friends and relatives, and
occasionally contact a business to ask a question about their products.
So if someone wants to hack into my email, I hope they enjoy reading
about my latest home or car repairs, my findings at rummage sales, my
pets, and my bitching about the weather.

If you use real email instead of an online version, you don't get hacked.

--
In the 60's people took acid to make the world weird.
Now the world is weird, people take prozac to make it normal.

On Sun, 25 Sep 2016 23:37:36 +0100, Unquestionably Confused wrote:

On 9/25/2016 4:49 PM, Taxed and Spent wrote:
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

To quote Queen Hillary, "What difference does it make [when you last
changed your password (in this context)]?"

There is no penalty for changing your password "too often," the only
risk is not changing it often enough and being sloppy with creating it
and storing it.

You don't need it to change it with Yahoo.

We can explain it to you but we can't understand it for you.g

The penalty is forgetting it.

--
Do infants have as much fun in their infancy as adults do in adultery?

On 9/25/2016 10:35 AM, FromTheRafters wrote:

Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable again,
so the attacker would have to start over again.

I use Yahoo's Two-step verification. It makes a dictionary attack
useless on a strange machine.

On 9/25/2016 11:24 AM, Mayayana wrote:

You can *seem* to make more obscure passwords
by adding *, !, etc. And you could add those to the 4
words.

I use Yahoo's Two-step verification. Even if the perp knows my simple
password he won't be able to bring up my account on a strange machine.

AL submitted this idea :
On 9/25/2016 10:35 AM, FromTheRafters wrote:

Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable again,
so the attacker would have to start over again.

I use Yahoo's Two-step verification. It makes a dictionary attack useless on
a strange machine.

If they hacked the server, all they would likely have to do is exhaust
the hash's keyspace no matter how many parts were involved in the
hash's creation. They've had two years in this case, but it could have
been worse.

Taxed and Spent presented the following explanation :
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

Probably someone at Yahoo! can answer that, but only if there is some
record keeping of that sort of thing on their end.

On Mon, 26 Sep 2016 01:01:23 +0100, FromTheRafters wrote:

Taxed and Spent presented the following explanation :
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

Probably someone at Yahoo! can answer that, but only if there is some
record keeping of that sort of thing on their end.

I doubt a cheap **** free webmail service would bother answering your question. Have you never heard of POP3?

--
ADULT: A person who has stopped growing at both ends and is now growing in the middle.

"Unquestionably Confused" wrote

| I also didn't include a link to password checker simply because my
| suggestion was that you run it through any one that you might choose -
| and there are plenty.
|
| Here's a couple, so go ahead and give it a try. If you find that these
| don't support your position, go ahead and find some more and try them.
| Good luck.
|

I did. If you'd bothered to check yourself you would
have found that a 20 character password is considered
very strong, no matter what the characters. Such
password checkers are of little value for anything other
than learning basic rules. They're just simple scripts
that assign points based on unusual characters, length
of password, etc. An OSS example that can be
downloaded is he

http://rumkin.com/tools/password/passchk.php

If you try that you'll find that anything over about
12-13 characters is rated strong, even if it's just
13 lower case alphabetic characters. As I noted before,
it's been a long time since unusual characters were
worth much. Many places now require upper and
lower case, at least one number, and at least one
unusual character. So any worthwhile cracker has
already increased its check from 62 alphanumeric
characters to include a dozen or so more. Those
other characters, like #1, may look exotic, but all
characters are just numeric byte values.

"AL" wrote

| I use Yahoo's Two-step verification. Even if the perp knows my simple
| password he won't be able to bring up my account on a strange machine.
|

Isn't that for when you change your password?
I assume you don't answer a security question
every time you log on.

The issue here is that passwords were stolen and
Yahoo didn't know or didn't tell people. So the
thieves could have been logging into any Yahoo
account over the past two years without being
noticed.

James Wilkinson formulated on Sunday :
On Mon, 26 Sep 2016 01:01:23 +0100, FromTheRafters
wrote:

Taxed and Spent presented the following explanation :
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

Probably someone at Yahoo! can answer that, but only if there is some
record keeping of that sort of thing on their end.

I doubt a cheap **** free webmail service would bother answering your
question. Have you never heard of POP3?

What question?

On 9/25/2016 5:07 PM, James Wilkinson wrote:
On Mon, 26 Sep 2016 01:01:23 +0100, FromTheRafters
wrote:

Taxed and Spent presented the following explanation :
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't
keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

Probably someone at Yahoo! can answer that, but only if there is some
record keeping of that sort of thing on their end.

I doubt a cheap **** free webmail service would bother answering your
question. Have you never heard of POP3?


I can access a Yahoo account via POP3. Can't figure it out?

On 9/25/2016 5:25 PM, Mayayana wrote:
"AL" wrote

| I use Yahoo's Two-step verification. Even if the perp knows my simple
| password he won't be able to bring up my account on a strange machine.
|

Isn't that for when you change your password?

No. It has nothing to do with changing the password.

When I log into Yahoo from a strange (unknown to Yahoo) computer, Yahoo
verifies it's me by texting me a code on my cell phone. When I enter
that code on the strange machine it becomes a known machine and from
that point on there is no more Two-step verification necessary to access
my account on *that particular computer*.

Anyone trying to log in to my account from a strange computer will be
unsuccessful even if they know my password because they don't have my
cell phone for the verification code.

I assume you don't answer a security question
every time you log on.

Correct.

The issue here is that passwords were stolen and
Yahoo didn't know or didn't tell people.

I agree that's bad. But the issue here is also how to protect yourself
now. I suggest activating Two-step verification.

So the
thieves could have been logging into any Yahoo
account over the past two years without being
noticed.

With Two-step verification I would notice an *attempt* to log on to my
account because I would get an unasked for text code.

"Mayayana"
Sun, 25 Sep 2016 17:25:50 GMT in alt.home.repair, wrote:

"Unquestionably Confused" wrote

| If your current password is "jTR653ew$*LvfddseZ+" that is a pretty
| secure password.

I read an interesting article awhile back saying
that one of the best ways to make a password is to
just join 4 words. Cracking algorythms necessarily
look for patterns. Four words is very memorable
to humans, but not a pattern mathematically. For
instance: breadtarmacskatesblot

You might want to re-read the article. You seem a bit confused on
what cracking algorithms can/can't do here.

More memorable, yet still seemingly random,
things could be invented that mean something
only to the inventor. For instance:
ruthdoilyxmasbarnard

That's only going to semi protect you against a basic dictionary
attack, a brute force one is going to get it once it reaches that
amount of characters. Just a matter of time. Cracking 'algorithms'
vary you see. simple Dictionary only attacks aren't very effective
against such passwords, but the one you used for an example is ripe
for a Brute force attack. The only thing that would save you in this
case is the amount of times yahoo will let you get it wrong before it
temp disables the account, etc.

For your aunt Ruth who like doilies and invites
the family every Christmas to her house in Barnard.
It's memorable to you but for a computer it's
just 20 random characters.

See above. your example is only a-z and nothing else; 20 characters
long. IE: NOT secure.


--
MID:
Hmmm. I most certainly don't understand how I can access a copy of a
zip file but then not be able to unzip it so I can watch it. That
seems VERY clever!
http://al.howardknight.net/msgid.cgi?ID=145716711400