Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo To Open Up Email Authentication

Posted by ryuzaki0 on from the let-a-thousand-mashups-bloom dept.

Aditi.Tuteja writes, "Yahoo has announced it will give away the browser-based authentication used in its email service, considered to be the company's 'crown jewels.' Yahoo made the announcement ahead of a 24-hour 'Yahoo Hack Day,' where it had invited more than 500 mostly youthful outside programmers to build new applications using Yahoo services. Considering the different needs of its huge user base (257 million people use Yahoo Mail), Yahoo has decided it can't build or buy enough innovation, so they are enlisting the worldwide developer community." The code will be released late in 2006. Yahoo notes that there are 'no security risks' since they keep absolute control of usernames and passwords.

10 of 75 comments (clear)

  1. But Yahoo email login work with FF passwords? by denis-The-menace · · Score: 2, Interesting

    Does this mean that I'll be finally able to login into Yahoo email with the built-in password handling in Firefox?

    If so, I'll believe it when I see it.

    --
    Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
    1. Re:But Yahoo email login work with FF passwords? by Anonymous Coward · · Score: 1, Interesting

      just get the yahoo mail notifer extension for firefox... if you dont know what i mean just try it out and you wont go back!

  2. Still too much spam! by Kid+Zero · · Score: 2, Interesting

    Geez.... their spam filters are non-existant.

  3. OpenID ? by johnjones · · Score: 4, Interesting

    could they not just conform to a standard ?

    regards

    John Jones

  4. Crown jewels? by bogaboga · · Score: 2, Interesting

    Come on Yahoo...is that authentication code really a crown jewel? I am no coder but really wonder whether that title fits what the subject is here. What if we find that most if not all of this authentication code was lifted from BSD?

    1. Re:Crown jewels? by Schlemphfer · · Score: 5, Interesting
      >Come on Yahoo...is that authentication code really a crown jewel?

      The code isn't the crown jewel. What's of enormous value is the database of 250 million established Yahoo ID's.

      Suppose I want to open my blog up to comments. These days, I'd be nuts to allow non-account-holders to post, since I would be overwhelmed with comment spam. How many of my users will be willing to register a brand new username and password with my site's custom code? But if you've already got a Yahoo ID, that's all you'll need to go right ahead and post on my blog. See? The barriers to participating on my site have dropped almost to nothing, all because of Yahoo's pre-existing database of 250 million users.

      This is a win all the way around. It's a win for Yahoo, since it makes it more valuable for people to own a Yahoo ID. It's a win for me, since I don't need to generate custom code and maintain a database for user passwords. And it's a win for my users, who can now comment on my blog with little or no hassle.

      The losers? Sites like typekey.com, who were created to offer the same feature that Yahoo is about to offer, but who don't have the crown jewel of 250 million user accounts.

      --
      I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
  5. Sounds familiar... by __aaclcg7560 · · Score: 1, Interesting

    ... there are 'no security risks' since they keep absolute control of usernames and passwords.

    That's what my bank, credit card company and local government told me before they had a little "incident" with some script kiddies. Maybe the mattress is still the safest place for your money?

  6. Insanely brilliant by dedazo · · Score: 3, Interesting
    Think about this - you can now integrate a full-blown email client into your application (CMS, corporate, portals, etc) by simply writing around what will probably be a thin WS/RPC wrapper. Branding can't be far behind, and Yahoo will probably use the insertion of (hopefully) unobtrusive ads to finance it. Higher-level customers can probably do much more, including getting rid of ads. Maybe the service will even work with other domains. Now John Coder can offer a real email client in his app with minimal effort.

    It remains to be seen if they can pull this off, but it's nice to see this type of innovation and broad steps coming from somewhere other than Google. I like Google, but they need the competition or they'll start to stagnate. Competition is good!

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  7. yahoo it/tech dept are hopeless by cheekyboy · · Score: 2, Interesting

    What happens to IT staff/ techos that make millions themselves through stock options in the late 90s?

    You become lazy rich yuppies (see the yahoo ceos daughter on mtv? gawd) and your brain turns into drivel that cannot
    innovate.

    Go on a 4week engineering brain storm trip, no girls, no CC cards, no email to your wifes.

    That will give you 5 years of engineering brillians between 10 smart people.

    How hard is it to kill all the bots/fake accounts? how about killing all accounts with a prefix of 5 or more digits or AAAAA prefixes.
    Suspend millions of them, and if there is no real person requesting it be turned back on its a bot, no response in 90 days, rm -rf the damn
    account.

    Or is yahoo claiming 250 million users, yet its only 90million real people and the rest bots?

    --
    Liberty freedom are no1, not dicks in suits.
  8. Phishing by aaronwormus · · Score: 2, Interesting

    Phishing is a BIG problem with Yahoo (and other big websites) plenty of users lose control of their Yahoo! IDs (granted they are not so bright, as seen by the average IQ of people who responded to this post).

    I would hate for a phishing attack on Yahoo to make my site vulnerable. And with more and more websites popping up Yahoo! signups, it just makes it easier for someone to spoof the form on their site and gather passwords.

    In the Favor of Y! they have taken good steps against phishing attempts, but it still happens a lot.