Yahoo offers password-free sign in

Archived From: Technology
  • Page :
  • 1
  • Text Only
rated:
This evening, when I started logging into my Yahoo mail account, it gave me an option to avoid having to use password, and use push notifications on my smartphone instead! I took this option! One less password to type!

Member Summary
Staff Summary
Thanks for visiting FatWallet.com. Join for free to remove this ad.

Lol I would change your Title to Yahoo Offers SMS Authorization.

Password Free sign on is just so wrong in today's hackable world.

forbin4040 said:   Lol I would change your Title to Yahoo Offers SMS Authorization.

Password Free sign on is just so wrong in today's hackable world.

  Google started offering it too now! It is called "2FA" log in.

Due to some SPAM pretending to come from my Yahoo account, I use the double log-in ... Password and then code sent to smart phone. Both are required to get to my Yahoo email.

JW10 said:   Due to some SPAM pretending to come from my Yahoo account, I use the double log-in ... Password and then code sent to smart phone. Both are required to get to my Yahoo email.
  They can still send SPAM pretending to be you..that's called Spoofing.

Who uses Yahoo anyway. Outlook.com is second to Google in terms of interface and features, especially the Skype integration.

rockymast said:   Who uses Yahoo anyway. Outlook.com is second to Google in terms of interface and features, especially the Skype integration.
I used Yahoo for years and loved it's simplicity and reliability .... but then Marissa Mayer started making what she thought were improvements,  

It would be hard to think of a worse idea from a security standpoint. Passwords, in general, aren't great. However, anything over SMS is a disaster waiting to happen.

bighitter said:   
rockymast said:   Who uses Yahoo anyway. Outlook.com is second to Google in terms of interface and features, especially the Skype integration.
I used Yahoo for years and loved it's simplicity and reliability .... but then Marissa Mayer started making what she thought were improvements,  


I don't think I am a fan of just about any those "improvements" since she arrived.

drodge said:   It would be hard to think of a worse idea from a security standpoint. Passwords, in general, aren't great. However, anything over SMS is a disaster waiting to happen.
  Are you saying 2FA using SMS is a bad thing?

This isn't 2FA, it's 1 factor wrapped up in a way that sounds good but is impossible for the average joe to understand. I'd say that using SMS as a second factor -in a true 2FA scenario - is better than nothing, but it's not secure by any means. It has about the same level of security as email, possibly even worse in some scenarios. Using email as a password recovery means isn't exactly as great idea either, but it's about the best solution we have that works well and is easy to use.

drodge said:   This isn't 2FA, it's 1 factor wrapped up in a way that sounds good but is impossible for the average joe to understand. I'd say that using SMS as a second factor -in a true 2FA scenario - is better than nothing, but it's not secure by any means. It has about the same level of security as email, possibly even worse in some scenarios. Using email as a password recovery means isn't exactly as great idea either, but it's about the best solution we have that works well and is easy to use.
  Is there a 2FA you like?  Something using an app on a smartphone that generates a code, for instance?

Google Authenticator. It's completely resident on the phone, doesn't rely on SMS, and cryptographically sound. The RSA token style of dongle are fine as well, but less convenient for most people.

drodge said:   Google Authenticator. It's completely resident on the phone, doesn't rely on SMS, and cryptographically sound. The RSA token style of dongle are fine as well, but less convenient for most people.
  Glad to hear it - I use that, for gmail and teamviewer.  VIP access (by Symantec) is an app used by a few other sites that I go to - hopefully it's just as solid.

There are a couple others out there also. RSA has a phone based token app that's fine (assuming you trust them to not lose the keys again). Products like OAuth and others came in with a bang, but few big websites really adopted them. In the end you're forced to use the product that's supported by the sites you want to use. I use Google Authenticator whenever I can. Still, tons of sites don't support it.

To be clear about my objection to SMS based systems, the weakness is in the SMS system itself. It's simply not secure from a variety of angles. Same goes for email and many other communications channels that are commonly used for 2FA or password recovery. You can definitely make an argument that in this scenario the second factor is part of a two part system. As such, it's a legitimate position to say that without 2FA you'd be relying on the password alone. With 2FA you have the security of the password, but also the 2nd factor. I guess it's fair in that in that case to say the insecurity of the 2nd factor isn't as big of a concern as it would be if it were the only piece in use. To be fair, SMS is insecure, but not script kiddie level. Same with email really. I guess the real question is what level of risk you're accepting and what benefit you're receiving by accepting the risk. On a personal level, I just ask why you'd accept any known risk in a security product. The only reason to use 2FA is security, so why use something you know isn't secure to increase security when there are other options out there?

rockymast said:   Who uses Yahoo anyway. Outlook.com is second to Google in terms of interface and features, especially the Skype integration.
  Yahoo has 1TB of email storage space.

qcumber98 said:   
rockymast said:   Who uses Yahoo anyway. Outlook.com is second to Google in terms of interface and features, especially the Skype integration.
  Yahoo has 1TB of email storage space.

Yeah, but you have the Yahoo mail UI.

jayK said:   
qcumber98 said:   
rockymast said:   Who uses Yahoo anyway. Outlook.com is second to Google in terms of interface and features, especially the Skype integration.
  Yahoo has 1TB of email storage space.

Yeah, but you have the Yahoo mail UI.

  ?  Yahoo has IMAP, I use it on my devices



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2017