No Phishing
| Saturday, September 9th, 2006 | --jr |
Anyone who's used anything at Yahoo! knows the login screen. It seems like we're constantly asking for your password for stuff. Probably too much since it's pretty darn easy for you to blindly enter your password without checking to see if you're REALLY on a Yahoo site. Suddenly, your account has been phished and you're the one left high and dry.
Well, just to let you know, the security folks are working on fixing that "asking for your password all the #%$@ing time". In the mean while, they've rolled out a way for you to tell if you're on the site you think you're on.
Go to login.yahoo.com (the only real login page), and set up your personal security flag. You're the only one that can get that and it only shows up on pages that Yahoo! owns.
This means a new, simple rule to keep in mind: Don't see your security key? DON'T ENTER YOUR PASSWORD!
And yeah, we'll do something about asking for your password so much too, but hey, it's your stuff we're protecting.
September 11th, 2006 at 6:39 am
I don’t see anything about a security flag at login.yahoo.com. I tried checking at the Security Center, and couldn’t find anything there, either. Am I missing something?
September 11th, 2006 at 7:49 am
Huh,
There was no official announcement about this, but I’ve gotten plenty of reports of it available world wide. It may still be “rolling out”.
If you go to login.yahoo.com, you should see something that looks similar to the screenshot I posted.
September 12th, 2006 at 8:51 pm
[...] Y! Cool Thing of the Day One Cool Thing from Yahoo every weekday « No Phishing [...]
September 13th, 2006 at 4:55 pm
Barron
You have to click on the Prevent Password theft foldover deal on the login. I found out you have to do it for each browser you use.
It is kind of cool but I wish they would have implemented by user name instead of each computer if you use a few computer you have to set it up on each computer and each browser you use on each computer.
Yahoo for Y! Cool Thing.
September 14th, 2006 at 6:00 am
Yup, I figured it out the next time I saw the foldover, and moused over it. Thanks.
September 14th, 2006 at 9:18 pm
Tim, the issue with trying to provide an image based on your user name is: we have no idea if you really are who you say you are until you actually log in, so we’d need you to have successfully logged in before we could give you your user-name-based security image. That defeats the purpose, though, because we’re trying to make sure that you only enter your login information once you’re sure that you’re really talking to us (and not some phishing site).
So what we’re doing instead is tossing some data onto your computer that only our site can read, meaning that we’ll (essentially) be the only website on the internet that can look into that data and figure out the correct image to display. Once you have that image set up, it allows you to quickly verify that your computer trusts the Yahoo! login site that you’re visiting. Hopefully you can trust your computer about that sort of thing. :)