Yahoo! strongly recommends that you change your Yahoo! login password if your Yahoo! account has been compromised. We suspect that the people who compromise the security of Yahoo! accounts will use them to send spam. These unwanted messages can be sent to the contacts saved in your Yahoo! account services: Yahoo! Messenger, Yahoo! Mail, and Yahoo! Pulse.

If you believe your account has been compromised, you should change your password immediately.

To make it easier to remember passwords, it is common for people to use the same or similar passwords on each system, such as their birthday or the name of their pet or relative. Simple passwords make it easier for others to guess them. Some people use automated programs that run through common words to guess passwords.

If someone gains access to your email account, they can pretend to be you and send mail to your contacts asking them to send you money or divulge other personal information. They can read all of your email, and in the process, discover a lot about your finances if you have electronic statements delivered to your email. Also, if they know your email password, they can try to use it to access your online banking and other accounts. When you use the same password for more than one account, you make it easier for someone to break into all of your accounts.

To make it more difficult for someone to guess your password or prevent them from guessing it, we recommend that you create strong passwords. Doing so helps keep your accounts secure and safe from prying eyes.

Here are some common questions and answers about compromised accounts.

Q. How do I create a strong password?

A. For a password to be strong, follow these tips:

• Don’t use the same password for more than one website.
• Don’t use the same password you have used before on this site.
• Avoid using a complete word or name.
• Use at least 7 characters—the more the better but no more than 31 characters.
• Use a combination of characters from each of the following groups:
  
  

  Group	Example
  Letters (uppercase and lowercase)	A, B, C… (and a, b, c…)
  Numbers	0, 1, 2, 3 …
  Symbols	( ) ! @ # $ % ^ & *, …

• Don’t use personal information that someone could easily figure out, and don’t use your Yahoo! ID in any form (reversed, capitalized, doubled, and so forth).
• You can learn more about choosing a strong password by reviewing the information at the Yahoo! Security Center.

Q. I can’t change my password.

A. If you can’t change your password, follow these steps:

1. Go to Looks like you need some help.
   
   
2. Select My account may have been compromised.
3. Click Next.
   
   
4. Type your Yahoo! email address in the My Yahoo! ID is box.
5. Type the code shown inside the box exactly as it appears.
6. Click Next.
   
   
7. Type one of the alternate email addresses you provided for your Yahoo! account.
8. Click Next. Yahoo! will send an email to your alternate email address with a link that enables you to reset your password.
9. Check your email at the alternate email address for the email sent to you from yahoo-account-services.
10. Open the email from yahoo-account-services and click the Reset My Password link. The Yahoo! Password Helper page appears.
    
    
11. Type your new password in the New Password box, re-type it in the Re-type New Password box, and click Next. The Yahoo! Account Info page appears with your alternate email addresses and cell phone number. Additionally, you must provide two secret questions to protect your account.
12. Click Change Questions and Answers. Two pull-down menus appear for you to choose your secret questions.
    
    
13. From the first Secret Question pull-down menu, select your question.
14. Type the answer to the first question in the Your Answer box.
15. From the second Secret Question pull-down menu, select your question.
16. Type the answer to the second question in the Your Answer box.
17. Click Save.
18. Click Next. Your password is now changed.
19. Click Continue.

After you complete the online account verification wizard, you’ll have the opportunity to contact an Account Verification agent who can assist you further.

That’s it! Your password has changed. Remember to log in using your new password.

Q. How do I know this is a real Yahoo! page?

A. The only way to be sure a Yahoo! page is real is to go to yahoo.com and navigate to that page using only the links on the Yahoo! pages.

Q. What are the risks of not changing my password?

A. Until you change your password, your personal information such as your address, stored email, contacts, group memberships, and other account settings and details are accessible to the person who has your password.

Q. What are the effects if I don’t change my password now?

A. If your account was compromised, Yahoo! will ask you to change your password every time you sign in. Also, you will not be able to access Yahoo! Messenger, certain mobile services, and possibly your email if your email program uses POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol), or IMAP (Internet Mail Access Protocol) to send and retrieve your email.

Q. I have a credit card on file with Yahoo!. Do I need to cancel the credit card?

A. Not necessarily. The person who has your password could have viewed the last four digits of your credit card, though we have no evidence this has happened. It’s not possible for people to see the entire credit card number, and any new purchase requires re-entering the entire credit card number.

Q. Do I need to delete my account?

A. No. You can protect your account by changing your password and making sure your account recovery and registration information is up to date. To check your account information, go to Yahoo! Account Info.

Q. How can I protect my Yahoo! account?

A. Update your account recovery and registration information by visiting Yahoo! Account Info. On this page, you can add your other email addresses and cell phone numbers. After you add this information, you will receive notifications for important changes on your account, such as updates to secret questions/answers, password resets through account recovery, and so forth.

Q. Where can I learn more about security?

A. To learn more about security, go to Yahoo! Security Center.

Q. What should I do to avoid this happening again?

A. First, ensure that you are using a strong password. Second, do not use the same or similar passwords on different sites. Third, learn about phishing and never enter your ID or password on pages you aren’t sure are legitimate.

Q. Should I change my passwords at other sites?

A. Yes, if those passwords are not strong. Read the tips for creating strong passwords in the first Q&A: How do I create a strong password?