Slashdot Mirror


Yahoo Debuts End-To-End Encryption Email Plugin, Password-Free Logins

An anonymous reader writes: Yahoo has released the source code for a plugin that will enable end-to-end encryption for their email service. They're soliciting feedback from the security community to make sure it's built properly. They plan to roll it out to users by the end of the year.

Yahoo also demonstrated a new authentication system that doesn't use permanent passwords. Instead, they allow you to associate your Yahoo account with your phone, and text you a code on demand any time you need to log in. It's basically just the second step of traditional two-step authentication by itself. But Yahoo says they think it's "the first step to eliminating passwords."


  1. I hope... by AlCapwn · · Score: 4, Interesting

    I hope that if the recipient gets an encrypted email, it shoves the plugin down their throat. Maybe that way people will start adopting encryption.

    1. Re:I hope... by circletimessquare · · Score: 4, Insightful

      you can't make people care

      there will be plenty that just don't care about privacy

      there will be plenty that don't care and they're right: their online life is shallow crap

      there will be plenty that don't care and they're wrong: their online info is used against them

      some small fraction of the latter group will make an effort to correct that problem

      this is, and always will be, a small percentage of people online

      and honestly: it's not a problem. most people just aren't that interesting

      if you want to spin frightening scenarios of government knowing everything about them, advertisers profiling their lives in every detail, the ease at which their finances and physical location can found in a snap, etc... they still won't fucking care

      welcome to reality

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    2. Re:I hope... by dwywit · · Score: 1, Funny

      Your opinions

      are expressed

      in a manner

      that makes

      people

      turn off

      Although I spent the time and effort to tell you this.

      You're welcome.

      --
      They sentenced me to twenty years of boredom
    3. Re:I hope... by Anonymous Coward · · Score: 2, Funny

      Burma Shave?

    4. Re:I hope... by circletimessquare · · Score: 3, Funny

      so

      don't read

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    5. Re:I hope... by AmiMoJo · · Score: 2

      Plugins are the wrong way to implement this. Plugins for browsers are generally a bad idea, and need extensive sandboxing to even begin to be secure.

      There are pure Javascript implementations of public key crypto, but what it really needs is a new standard that browsers can adopt to support it. That could be extensions to Javascript or it could be something else, but a Yahoo specific plugin isn't the way to go.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:I hope... by CronoCloud · · Score: 2

      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA256

      Considering that very few slashdotters in this discussion have PGP keys posted to slashdot..... I don't think that's too likely.

    7. Re:I hope... by BarbaraHudson · · Score: 1

      Burma Shave?

      Sorry, it's not Troll Tuesday*. Though maybe we can extend it ... :-)

      (* Definition of Troll Tuesday: not really trolling (except for people with no sense of humor, who tend to get a mite upset), we "troll" to put a smile on people's faces while making relevant comments, not baiting people for emotional outbursts. Pretty much the opposite of trolling.)

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    8. Re:I hope... by CronoCloud · · Score: 3, Informative

      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA256

      The real problem is that people are using web browsers to read their e-mail instead of a proper e-mail client that already supports the existing standards of pgp and s/mime. This yahoo plugin is actually based on google's code for an end to end plugin. It implements pgp.


    9. Re:I hope... by The+Grim+Reefer · · Score: 2

      Adam West, is that you? Or William Shatner?

    10. Re:I hope... by mlts · · Score: 4, Interesting

      This is a solved problem, although by a commercial solution. Symantec's Encryption Desktop (formerly PGP desktop) allows one to either decrypt/check signature and view what is on the clipboard or decrypt/check signature and view what is in the current window.

      We don't need a Web browser plugin. This is like drilling a hole in a boat that has one hole already in it, expecting the water to drain out.

      Instead, we need something with functionality similar to SED that is completely standalone from other applications and functions completely independent of the Web browser. This is tougher than it sounds. GPG4Win is a good effort, but it does not come anywhere close to the ease of use that SED has. Macs and Linux have decent utilities like GPGTools (which was pictured). If PGP decryption is put into something, it should not be part of a Web browser, but should be in the MUA. Web browsers should have as little running as possible, just so they have as small an attack surface as possible, since they are the biggest frontline for computer compromise these days.

      The beauty about the OpenPGP spec is that it is completely independent of any transport mechanism, be it Slashdot posts, E-mail, MMS, AIM, Facebook's PM, or a file saved to a ZIP drive. Tethering it to a protocol can easily render a quite secure system extremely insecure, if only for the fact that a specific program or browser extension would be needed for the decryption.

      Ideally, fetching E-mail via the Web should be more of an item of last resort, where one is using another machine. A high quality MUA (Thunderbird, Mail.app, Outlook, even mutt) is a lot more secure than a Web browser.

    11. Re:I hope... by Rich0 · · Score: 1

      The real problem is that people are using web browsers to read their e-mail instead of a proper e-mail client that already supports the existing standards of pgp and s/mime. This yahoo plugin is actually based on google's code for an end to end plugin. It implements pgp.

      The problem is that the browser+javascript is the most ubiquitous platform around. It is also FAR more convenient to use.

      I'd love to see a decent FOSS webmail application that supports encryption. The only options that exist right now are pretty weak compared to something like GMail.

    12. Re: I hope... by Anonymous Coward · · Score: 1

      All those MUAs already have SMIME support built-in. The problem is that no one outside DOD uses it, or to put it another way, my seventy-year-old mother doesn't know how to get and install certs. I did that for her, and SMIME works so transparently that she's now sending me encrypted mail and everyone else signed mail.

    13. Re:I hope... by DarkOx · · Score: 2

      JavaScript is not a solution to this problem. To use PKI effectively you MUST trust the client. You can't trust the client if it's being sent to you from one of the men in the middle ("Yahoo") every time you use it.

      All it takes is for any of the following to happen and you are boned.

      1) Someone SE's a CA or obtains a Yahoo.com Certificate by some other method (national security letter, hack of yahoo, etc.), then MITMs you and Yahoo

      2) Somebody hacks Yahoo and is able to alter the content on their web servers

      3) Yahoo complies with some third party request of some kind.

      In all of these cases someone can simply change the JS implementation to send them the content or send them the keys, and your browser won't blink. It won't tell you anything has happened.

      At least with a plugin you are aware when you are asked to update it etc. I am not aware of any current browser that will just update a plugin without asking. So if you are sufficiently paranoid to say, "this could possibly be fishy, I am going to not check my mail right now and make sure the same thing happens on a better secured host and edge network someplace else" you might be spared. It's still not a good system though.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    14. Re:I hope... by Kazoo+the+Clown · · Score: 1

      Burma Shave?

      That comment dates you to about 70 years old...

    15. Re:I hope... by narcc · · Score: 1

      It's a stupid meme now.

      I'm still waiting for Mail Pouch Tobacco barns to make an appearance...

    16. Re:I hope... by unrtst · · Score: 2

      The real problem is that people are using web browsers to read their e-mail instead of a proper e-mail client that already supports the existing standards of pgp and s/mime. This yahoo plugin is actually based on google's code for an end to end plugin. It implements pgp.

      The problem is that the browser+javascript is the most ubiquitous platform around. It is also FAR more convenient to use.

      I'd love to see a decent FOSS webmail application that supports encryption. The only options that exist right now are pretty weak compared to something like GMail.

      I get the feeling that very few people understand the problem here.

      Both pgp/gpg and s/mime require ownership of a public/private key pair.
      True, all the algorithm stuff for signing and encryption has already been implemented in javascript, but it's all useless without the keys.
      How do you store and access those keys safely and securely from a web browser? That's what most of the existing webmail plugin solutions for pgp/gpg/smime do - they just provide a local keystore and make that available to the js methods to do the work.

      Right now, you can't do S/MIME in a webmail app without a plugin.

    17. Re:I hope... by Rich0 · · Score: 1

      How do you store and access those keys safely and securely from a web browser? That's what most of the existing webmail plugin solutions for pgp/gpg/smime do - they just provide a local keystore and make that available to the js methods to do the work.

      Oh, I get that. However, there are a few options:

      1. Store it on the server. That doesn't protect you against server compromise, but it still protects you against a lot of stuff, and there is no reason the server can't be as secure as your client would otherwise be. Keep in mind that webmail does not necessarily mean 3rd party provided.

      2. HTML5 storage plus javascript. This can in theory be about as secure as a local client, but my big concern here is having some way to ensure that the javascript isn't tampered with. In practice I think this is no better than #1. Google can write the best local storage system in the world and make it airtight, but if somebody compromises gmail.com they'll just send you a modified javascript file when you browse the site which will send them a copy of your keys when you unlock them.

      I'd really like to see a good FOSS webmail client so that I can host my own.

    18. Re:I hope... by CronoCloud · · Score: 1

      Yes, that's the correct pubkey. Slashdot messed up the formatting of the message, which makes it show a "bad" signature. Sometimes you can't even get a signed message past the lameness filter.

    19. Re:I hope... by CronoCloud · · Score: 1

      The problem is that the browser+javascript is the most ubiquitous platform around. It is also FAR more convenient to use.

      It may be ubiquitous, but for security purposes it doesn't work as well as a real client.

      I'd love to see a decent FOSS webmail application that supports encryption. The only options that exist right now are pretty weak compared to something like GMail.

      Then use Gmail over IMAP with a proper e-mail client that does support encryption. GMail has had IMAP support for over 7 years.

    20. Re:I hope... by Rich0 · · Score: 1

      I'd love to see a decent FOSS webmail application that supports encryption. The only options that exist right now are pretty weak compared to something like GMail.

      Then use Gmail over IMAP with a proper e-mail client that does support encryption. GMail has had IMAP support for over 7 years.

      I migrated away from X11 clients and IMAP for a reason. I used to GPG sign everything I sent. The problem is that when you start using multiple computers/operating-systems it becomes a real PITA. It wasn't like I was using encryption anyway, since 95% of the people I communicate with don't use it themselves.

      I'd like to have my cake and eat it too, but there aren't a lot of threat models that thunderbird+gpg protects against that Gmail doesn't. It certainly won't stop the NSA from snooping on your email if they care to.

    21. Re:I hope... by CronoCloud · · Score: 1

      The problem is that when you start using multiple computers/operating-systems it becomes a real PITA.

      I hate saying this, but do you "really" need to access your e-mail on more than one machine these days, with the ubiquity of phones and tablets? If you're away from your "home machine", then use the tablet/phone. Android DOES have e-mail clients that support IMAP and gnupg.

      I'd like to have my cake and eat it too, but there aren't a lot of threat models that thunderbird+gpg protects against that Gmail doesn't. It certainly won't stop the NSA from snooping on your email if they care to.

      Sure it will stop the NSA, they can't break pgp/gpg. And the only way to use gpg with gmail is with a client like Thunderbird or Claws-Mail over IMAP/POP3.

      And you might want to replace your expired gpg pubkey on slashdot with your current one: the one with Key ID: 55EC123A Key fingerprint = 3665 3E11 22C0 8BCE A16D 1529 08C1 70DE 55EC 123A

    22. Re:I hope... by Rich0 · · Score: 1

      I hate saying this, but do you "really" need to access your e-mail on more than one machine these days, with the ubiquity of phones and tablets? If you're away from your "home machine", then use the tablet/phone. Android DOES have e-mail clients that support IMAP and gnupg.

      Most of the IMAP clients I've seen aren't terrific about offline access - certainly not in comparison to Gmail. They also don't handle tagging well (the same email being in 10 different "folders" at the same time). I also use multiple computers at home, and some are based on ChromeOS.

      I'd like to have my cake and eat it too, but there aren't a lot of threat models that thunderbird+gpg protects against that Gmail doesn't. It certainly won't stop the NSA from snooping on your email if they care to.

      Sure it will stop the NSA, they can't break pgp/gpg.

      They can extract the key from my PC though. The one I'm typing this on happens to run a tor relay node. How likely do you think it is that it isn't rootkitted, despite religious application of patches and generally following best practices for linux?

      And you might want to replace your expired gpg pubkey on slashdot with your current one: the one with Key ID: 55EC123A Key fingerprint = 3665 3E11 22C0 8BCE A16D 1529 08C1 70DE 55EC 123A

      Thanks. I'd forgotten that Slashdot even tracks such things. :)

    23. Re:I hope... by CronoCloud · · Score: 1

      They can extract the key from my PC though.

      True, and then hit you with a wrench until you cough up the passphrase, but that is not very likely.

      The one I'm typing this on happens to run a tor relay node. How likely do you think it is that it isn't rootkitted, despite religious application of patches and generally following best practices for linux?

      Rootkitted? I think that's unlikely, even the NSA isn't omnipotent. But do I think they are monitoring Tor nodes from their own nodes, probably. They'd only rootkit you if they wanted specific data from a specific person-of-interest, I think.

      Thanks. I'd forgotten that Slashdot even tracks such things. :)

      Yep, you'll have to use the edituser page to change it:

      https://slashdot.org/users.pl?...

    24. Re:I hope... by Rich0 · · Score: 1

      Rootkitted? I think that's unlikely, even the NSA isn't omnipotent. But do I think they are monitoring Tor nodes from their own nodes, probably. They'd only rootkit you if they wanted specific data from a specific person-of-interest, I think.

      Well, it was already divulged that they root sysadmins to get credentials to log into boxes even when the sysadmins themselves are of no interest to them otherwise. (Ie, ISIS has a website hosted by AWS, so they find some random Amazon employee who VPNs in from home and steal their keys or such.)

      I have no idea if they're rootkitting tor nodes, but it seems like a fairly obvious way to circumvent the tor network. If you have root on most of the nodes, then you can trivially follow most of the traffic.

      The big thing with the NSA's hacking efforts is that it is largely automated. If they stick a list of tor IPs into a database, they'll all get hacked automatically, and then managed automatically. If somebody does a security update and only 3 of their 5 backdoors are left intact somebody will be notified to step in and open two more or whatever. It is basically what you'd get if you combined anonymous with a competent sysadmin team and a bunch of security researchers and then a bazillion SMEs to make sense of the extracted data. It probably costs as much for the NSA to hack into another PC as it costs Amazon to spool up another virtual machine.

    25. Re:I hope... by AlCapwn · · Score: 1

      PGP isn't idiot proof though. The average computer user isn't going to follow a tutorial to read a message.

    26. Re:I hope... by CronoCloud · · Score: 1

      PGP isn't idiot proof though.

      It's better than it was. And even back when I created my first key back in 2007 (Yeah I'm a johnny-come-lately), I used a GUI to do so.

      The average computer user isn't going to follow a tutorial to read a message.

      Perhaps, but you only need to do the setup once.

  2. security by Anonymous Coward · · Score: 1

    How secure is it? How difficult is it to clone people's SIM cards? Is there a chance the text can go to the wrong phone?

    Maybe they should limit what can be accessed when not using the password. Read/Compose only. Maybe delete, but not empty the trash.

    You know, I would love it if providers such as Yahoo! Mail were to offer an option to archive all e-mail, as a form of backup. You know, in a handy zip file consisting of either email file types or text file types.

    1. Re:security by Anonymous Coward · · Score: 3, Insightful

      With phones becoming the primary form of email access for many, two-factor that relies on the phone defeats the purpose.

    2. Re:security by BarbaraHudson · · Score: 1

      Factor one: Something you have - your phone.
      Factor two: Something you know - the text code.

      Just don't lend your phone to evil people.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    3. Re: security by BarbaraHudson · · Score: 1

      In less time than it took you to type out your screed, you could have read the article that talks about the password code. It's OPTIONAL:

      When you try to sign in, you'll see a "send my password" button instead of a traditional password text box if you enable the system. The new sign-on method is available now.

      Be lazy - read the fine article first :-)

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    4. Re:security by Marginal+Coward · · Score: 3, Informative

      Also, don't lose your phone where evil people might find it.

      Forgive me if I've got the following arithmetic wrong, but if they remove one factor from two-factor authentication, doesn't that make it one-factor authentication?

      I don't see eliminating passwords as an important goal. Instead, the goal should be to increase security. To that end, I've recently begun to use two-factor authentication on all my important accounts. However, I'm finding that each service implements it differently, so it's a bit annoying to have to remember how to deal with each one. Also, I use one service that requires a hardware token which they mail to you, and that makes it more difficult to get the whole thing set up, compared to the more common case where you just give them your phone number and then two-factor authentication begins to work nearly instantly. So, it would be nice if we had some industry standards on all that.

      Since some services make two-factor authentication somewhat difficult to set up, I get the impression that they find the increased support costs for it not worth it, at least from the service's point of view. Of course, from the customer point of view, if it prevents a security breach to an important account, it's well worth the extra trouble.

    5. Re:security by ArhcAngel · · Score: 2

      Of course, from the customer point of view, if it prevents a security breach to an important account, it's well worth the extra trouble.

      That's the problem. You can't prove it prevented a security breach so most users just see it as a PITA extra step and definitely NOT worth the extra trouble. My experience has been the harder it is to access something the less people use it. It's so hard to do some simple tasks on my current corporate network that at least half the office brings in their own laptops to get their work done. They just expense a WiFi hotspot and use it in the office.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    6. Re:security by Marginal+Coward · · Score: 1

      That's the problem. You can't prove it prevented a security breach so most users just see it as a PITA extra step and definitely NOT worth the extra trouble.

      Agreed. We've heard about high-profile cases like Target (credit card breach), Sony (everything breach), and recently Anthem (personal data breach), but I've never heard of any breaches involving investment/brokerage services, which is the category where I personally might suffer the most damage. However, in my own case, I'm just trying to be proactive by using two-factor authentication on those.

      It seems like if hackers could get into one of the major investment/brokerage services, they could siphon off a lot of money in a short time. Yet I've never heard of any such case. So, is there something about financial institutions that protects them against large-scale fraud by hackers? For example, I could imagine that if someone siphoned money out of my brokerage account, the money would have to move through the banking system, where it could be traced and then ultimately could be restored via reversals.

    7. Re:security by mlts · · Score: 3, Interesting

      You just hit the nail on the head. As of now, if someone steals my phone in an unlocked state, they will be able to get the second factor... but they won't be able to log into the account due to the password. What having just one factor does is make a phone theft all the more crippling where a bad guy can do a lot of damage.

      2FA is 2FA because it covers at least two of these properties: Something you know, somewhere you are located, something you are, and something you have. For example, a secure biometric system uses the fingerprint/retina scan as a username, then a PIN for access, or a remote access system uses a password and a OTP so that if the password gets sniffed, the OTP is still an obstacle.

      On the other hand, perfect is the enemy of the good. In general, someone is going to be less likely to have their phone stolen than to have their password sniffed or cracked, so moving to a SMS message can be argued to be a security improvement.

  3. That's great if you have a mobile phone by dixonpete · · Score: 5, Informative

    I don't. I tried to sign up with Yahoo a few weeks ago and got cockblocked by this. They required a mobile number.

    1. Re:That's great if you have a mobile phone by Anonymous Coward · · Score: 2, Informative

      The mobile number is just used to ensure two channels to the client, preventing a third party from sniffing both parts of the initial key. This is a very standard way to ensure that the encryption is actually secure. I would be more nervous if they DIDN'T require a mobile number (or secondary channel).

    2. Re:That's great if you have a mobile phone by Anonymous Coward · · Score: 1

      You gave me a papercut just by reading your (edgy) response. Many people, believe it or not, *opt* not to have a mobile device. Also I fail to see how one would be required to set up an email account; other providers manage it fine by making it optional and asking instead for another email account.

    3. Re:That's great if you have a mobile phone by itzly · · Score: 3, Interesting

      If the phone number is exchanged on a compromised channel, it can still be attacked by a man in the middle.

    4. Re:That's great if you have a mobile phone by bobstreo · · Score: 1

      I don't. I tried to sign up with Yahoo a few weeks ago and got cockblocked by this. They required a mobile number.

      Yeah, you think that's bad, I don't even have a computer or internet access and they wouldn't let me sign up. I must have sent them a dozen faxes and letters, and I'm still waiting for my so called "free" email account. Is it really "free" if it requires an expensive computer to use it!?

      You should have either sent a clay tablet, or maybe a telegram.

    5. Re:That's great if you have a mobile phone by gl4ss · · Score: 2

      why would you do it in a way where interception of the initial communication would compromise anything? the client program can have the cert included so mitm would set off alarms, so to compromise it the initial client delivered to the handset would need to have been compromised, in which case you would be fucked anyways?

      you know why they want the phone number and so does pakistani government..

      --
      world was created 5 seconds before this post as it is.
    6. Re:That's great if you have a mobile phone by Anonymous Coward · · Score: 1

      Their real goal is probably to prevent people from creating too many accounts, and/or getting something to link multiple accounts to the same person. Security has little to do with it.

    7. Re:That's great if you have a mobile phone by Himmy32 · · Score: 1

      Or it's a way to associate your real life identity for advertisers. That way they can take the data from your grocery rewards card and push targeted advertising to your inbox to help you change soap brands.

    8. Re:That's great if you have a mobile phone by BarbaraHudson · · Score: 1

      Use their app - it doesn't require a browser.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    9. Re:That's great if you have a mobile phone by BarbaraHudson · · Score: 1

      You gave me a papercut

      What's this thing called "paper"?

      It's that thin stuff that you wipe with after you use the toilet. Comes in a roll. Too complicated for most men to replace :-)

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    10. Re:That's great if you have a mobile phone by dcollins117 · · Score: 1

      They required a mobile number.

      If I needed a phone to access my email, I think I'd rather use the phone to make a damn phone call and skip the email.

    11. Re: That's great if you have a mobile phone by BarbaraHudson · · Score: 1

      just as a 'few' opt out of going outside

      I thought technology did away with that for most people.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    12. Re:That's great if you have a mobile phone by NexusJedi · · Score: 1

      If the channel is compromised during registration, it would be trivial to MITM the phone number as well. I.e., send the attacker's phone number to Yahoo instead of the user's, and forward the verification code to the user. There's not a reliable way for the user to verify the source number of the text, and there are ways, such as using an internet-SMS gateway, to mask the attacker's number from the user.

    13. Re:That's great if you have a mobile phone by mordjah · · Score: 3, Interesting

      uhm.. no it's really not.. you can purchase prepay sims that work as mvno (second class citizen, but no id) over the counter for 20 bucks or so.. no id needed.

      --
      "A mind reader? That sounds like sci fi." "Honey, we live on a space ship"
    14. Re:That's great if you have a mobile phone by Xarius · · Score: 1

      I'm not sure why a luddite would also want an email account!

      But in seriousness, at least in the UK, you can have SMS sent to a landline number no problem. Some magic along the way results in a phone call and a robot reading out the text message. Our banks even use an automated outbound voice messaging platform to do the same thing as the SMS for people who don't have a mobile.

      I expect they'll offer this if demand is high enough.

      --
      C17H21NO4
    15. Re:That's great if you have a mobile phone by DroolTwist · · Score: 1

      They required a mobile number.

      Can't you just make a throw-away VOIP (Skype, etc) number for this purpose, then get rid of it? I saw it recommended somewhere, I haven't actually tried it. Maybe someone with experience can chime in.

    16. Re:That's great if you have a mobile phone by allo · · Score: 1

      no, it's mandatory on sign up.

    17. Re:That's great if you have a mobile phone by MooseTick · · Score: 1

      Sure, that could work when registering the account, but you don't have any email yet at that point. The real user wouldn't even be able to log in since they would never receive the actual SMS code. Who cares if an empty account is compromised?

    18. Re:That's great if you have a mobile phone by l_bratch · · Score: 1

      The attacker could also relay the SMS to the real user. That way the real user does the first log in (and any others that require the SMS code), but the attacker's phone number is stored in the system for when they choose to log in.

    19. Re:That's great if you have a mobile phone by BradMajors · · Score: 2

      Their real goal is to prevent anonymous accounts. If they have your cell phone number they know who you are.

    20. Re:That's great if you have a mobile phone by l_bratch · · Score: 1

      The suggestion above was about a MITM attack between the end user and the server, not a compromised server.

    21. Re:That's great if you have a mobile phone by antdude · · Score: 1

      Same with AIM.com sign ups. :( Not everyone has mobile phones. I don't own one/1 either!

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    22. Re:That's great if you have a mobile phone by antdude · · Score: 1

      AIM.com also does this for its sign ups. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    23. Re:That's great if you have a mobile phone by l_bratch · · Score: 1

      Scenario at time of account signup:
      Browser - MITM - Server

      Scenario after signup:
      Browser - (Optional MITM) - Server
      User's phone - Attacker's phone - Server

      1. Browser sends user's phone number to MITM
      2. MITM sends attacker's phone number to Server
      3. Server sends SMS code to attacker's phone
      4. Attacker forwards SMS code to user (preferably masking the source number, perhaps using an internet SMS gateway)

      To the user, the above process was transparent so the account is used normally. At any time the attacker can sign in as the user by requesting the SMS code, neglecting to forward it on to the user, and using it for himself.

      This of course relies on a MITM at the time of signup, but the first AC in this thread proposed that the SMS was to ensure the initial signup is secure. It can't be secure if the second channel (SMS) relies on a compromised first channel (MITM attacked HTTPS).

    24. Re:That's great if you have a mobile phone by l_bratch · · Score: 1

      For this scenario, yes. Without speculating as to how likely it is, it can of course be achieved using a compromised browser (e.g. attacker's CA added as trusted) or a compromised CA (e.g. common CA hacked or compromised in some other way like government agency pressure).

      In one of those scenarios, the SMS step doesn't add much, if anything.

      It does add a useful step in the case of something like the user's machine being compromised by keylogging, but frankly these days the MITM scenario doesn't seem that unlikely. (Think Snowden revelations level government attacks.)

    25. Re:That's great if you have a mobile phone by Albert71292 · · Score: 1

      I don't. I tried to sign up with Yahoo a few weeks ago and got cockblocked by this. They required a mobile number.

      I've been using Yahoo Plus Email (the paid version) for about 12 years. If they start REQUIRING me to use a mobile phone to access my account, I'll just have to cancel the account. Never owned a mobile phone, and not going to get one JUST to access an email account!

      --
      "A Bird In The Hand Will Poop On Your Wrist"-Benny Hill,1982
  4. BS by Anonymous Coward · · Score: 2, Insightful

    End to end encryption with sending the code over an insecure SMS so that the NSA can decrypt it anyway.
    Nice.

  5. *facepalm* by thegarbz · · Score: 4, Insightful

    Yahoo needs to understand that the purpose of 2-factor authentication was not to replace passwords, but rather to ... provide a second factor of authentication.

    Remember ideally:
    1. Something you know
    2. Something you have
    3. Something you are

    Each is no more secure than the other, but together they form a far stronger system than any individual component.

    1. Re:*facepalm* by itzly · · Score: 4, Informative

      I'm sure Yahoo understands this. But who wants to go through the hassle of two factors of authentication (including using a unique and difficult password) every time they want to read an e-mail?

      What they're trying to do is find a way to provide good enough security that people will actually use.

    2. Re:*facepalm* by mwvdlee · · Score: 4, Insightful

      Wouldn't this ideally be presented as a choice to users?

      1. I don't care who reads my email; use either password or SMS only.
      2. I care only slightly who reads my email; use two factor authentication.
      3. My email is actually of some importance; choose a different email provider.
      4. My email contains sensitive information; cancel all my email accounts.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    3. Re:*facepalm* by itzly · · Score: 3, Informative

      Wouldn't this ideally be presented as a choice to users?

      Except for option 2, Yahoo offers those choices.

    4. Re:*facepalm* by Zocalo · · Score: 1

      Given the huge volume of spam that gets sent from compromised free mail accounts such as Yahoo! et al, mostly due to people using dumb passwords or getting their PC rooted, I can see why Yahoo! might want to move to something else; in that case something you have (a phone) is vastly more secure than a password known to you and a whole bunch of blackhats. That's almost certainly the issue Yahoo! is trying to solve here, rather than the one of securing access to data which, given that it's on a free mail provider, really shouldn't be used for anything sensitive in the first place, but users will be users (even ones in senior government positions it seems).

      Still, I can't help but feel that a better approach to using 2FA in frequent use situations where convenience plays a major part might be to only bring the second factor into play when something "unusual" happens, such as a sudden change in the geographic location of the IP address that you are trying to connect from. That's still possible with Yahoo's system, only it would probably be the password that would be prompted for as the second factor rather than the SMS token as might previously have been the case when 2FA is used in this manner.

      --
      UNIX? They're not even circumcised! Savages!
    5. Re:*facepalm* by thegarbz · · Score: 3, Interesting

      Passwords don't need to be unique or difficult. That's just stupidity created by people with overly aggressive password policies. If someone is going to go to the effort of using the "Something you have" route for authentication then the "something you know" is not a lot of extra effort especially if we can do away with the stupid 8+char+number+capital+symbol+unique_unicode_char_not_typable_by_a_normal_keyboard bloody combinations.

      You instantly become resistant to brute forcing attempts with 2 factor authentication. The password doesn't need to be batteryhorsestaple if the max password entry rate is a password every 10 seconds. Simply horse would do. Heck Aardvark is probably sufficient too because who in their right mind would dictionary attack a password that slowly.

    6. Re:*facepalm* by disposable60 · · Score: 3, Interesting

      Out in the boonies, or in a reception-poor building in the 'burbs, SMS can take literal days to get through.
      That would be an inconvenience up with which I would prefer not to put.

      Now, an app that works like one of those SecurID fobs, so I'm not dependent on the vagaries of wireless reception? That would be pretty cool.

      --
      You're looking for quotes? See my journal.
    7. Re:*facepalm* by AmiMoJo · · Score: 1

      I've only used Google's implementation but it isn't much of a hassle at all. Your phone has an app that generates codes. The Gmail app doesn't need them because it's already running on your phone. When you log in to any Google app you need to put the code in, but can opt to never ask for it again on that computer. It is tied to the Chrome installation. You also only have to do it once and then you can access all Google services for that session without more codes.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:*facepalm* by CronoCloud · · Score: 1

      Now, an app that works like one of those SecurID fobs, so I'm not dependent on the vagaries of wireless reception?

      Doesn't the google auth app (and other OTP based apps) work that way?

    9. Re:*facepalm* by Ash-Fox · · Score: 1

      Doesn't the google auth app (and other OTP based apps) work that way?

      They don't require an Internet connection, nor SMSes to generate a code, no.

      --
      Change is certain; progress is not obligatory.
    10. Re:*facepalm* by chihowa · · Score: 3, Interesting

      That's the purpose of "two-factor authentication", but not the purpose of any single factor. Yahoo is replacing the single factor "something you know" with "something you have", which is possibly an upgrade in security.

      The factors themselves aren't equivalent in terms of security. "Something you have" is much easier for a normal person to secure than "something you know". That's why houses and cars use keys and office buildings use keycards and not codes. People (on average) are pretty decent at holding onto their phone and horrible at keeping their password safe (even if they pick a good password, which they won't).

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    11. Re:*facepalm* by mlts · · Score: 1

      The ideal would be to use the standard TOTP method that Amazon, Google, EMC, and other companies use. The Google Authenticator is just one implementation of the standard, and there are others (Amazon has one, for example.)

      I really wish Yahoo would have SMS as an -option-, but would allow TOTP as well. This way, if one has the seed keys in an app, they don't need to get an SMS, but if they are on a new machine, SMS still works.

    12. Re:*facepalm* by mlts · · Score: 4, Interesting

      Another idea that comes to mind is to use a feature that all web browsers have had for over 10 years (even Lynx) -- client certificates.

      This way, on setup, the website asks the user if the current client certificate presented is the one he or she wants to use, then from there on, authentication is completely transparent.

      It goes without saying to have SMS as a backup, but the absolute easiest way to authenticate on a "known good" computer is to have a client cert.

    13. Re:*facepalm* by LessThanObvious · · Score: 1

      The password could still be saved in the client and 2FA added as an additional layer. I personally won't be using Yahoo! mail for mobile much longer as their new versions require extensive additional permissions. Currently the app has no objectionable permissions, but the new version wants much more, namely: Device & App History, Identity, Contacts, Location, SMS, Wi-Fi connection info, Device ID and Call info. My current app functions as needed, WTF would I enable all that additional access? I pay for premium services on Yahoo mail, I expect better.

    14. Re:*facepalm* by thegarbz · · Score: 1

      That works if the client is secure and consistent.

      Not so good for an online web email service. And even less good for a phone which is easily lost or stolen.

  6. how many people access yahoo mail on their phone? by Chrisq · · Score: 1, Interesting

    I wonder how many people access yahoo mail on their phone, in effect reducing the protection to 1-factor authentication again? I know people who have Paypal accounts accessed on the smart phone with passwords remembered - and use SMS to the same phone as authentication!

  7. Re:Still American so NSL by Dr_Barnowl · · Score: 1

    you can be compelled to give the encryption keys to the security services

    In America, there would be a strong argument that this is in contravention of the Fifth Amendment of the constitution (as it would be self-incrimination). Not sure how that's played out though.

    But yes, in the UK, there is a specific criminal offense of "Not disclosing your encryption key" which carries a 2 year sentence... and you can of course, be asked to disclose your key again once you've served it...

  8. To the second point by XB-70 · · Score: 4, Insightful
    Fuck Yahoo! This is just a sleazy way to collect phone numbers and associate them with email addresses.

    What if your phone is dead/stolen and you desperately need to get a message out? You're fucked.

    NOTE: They just killed Yahoo! Profiles. In short, they are collecting data for themselves while making it harder and harder for Yahoo! users to search each other out.

    --
    *** Don't be dull.***
    1. Re:To the second point by OzPeter · · Score: 1

      Fuck Yahoo! This is just a sleazy way to collect phone numbers and associate them with email addresses.

      You seriously don't think that this practice is confined to Yahoo! do you?

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:To the second point by Himmy32 · · Score: 2

      Doesn't make it any less sleazy for them to do it.

    3. Re:To the second point by thegarbz · · Score: 1

      Actually it's 2-factor authentication on the cheap as users don't think their own security is worth spending money buying a token. It also makes a shitload more sense than a recovery email address, because that's the reason I sign up for email, just so I can use a different email account and keep an old one live right?

  9. Metadata by Meneth · · Score: 1

    PGP doesn't protect metadata.

    1. Re:Metadata by Chrisq · · Score: 1, Informative

      In a standard smtp environment nothing can protect the email meta-data.

    2. Re:Metadata by Comboman · · Score: 2

      Sure there is. All you have to do is use steganography to encode your message into a photo, then use that photo in what looks like a spam email message, then pretend your computer is taken over by a botnet and send the spam to a few thousand email addresses (including the one you actually want to send to). Absolutely no useful metadata there.

      --
      Support Right To Repair Legislation.
    3. Re:Metadata by arthurpaliden · · Score: 1

      Actually you just post it to a photo site that does not do image conversion or resizing. Thousands will look and that way you are not spamming.

    4. Re:Metadata by Chrisq · · Score: 1

      Sure there is. All you have to do is use steganography to encode your message into a photo, then use that photo in what looks like a spam email message, then pretend your computer is taken over by a botnet and send the spam to a few thousand email addresses (including the one you actually want to send to). Absolutely no useful metadata there.

      Do you know what metadata is? It's the information like who it originated from and the destination address. That will still be

    5. Re:Metadata by mlts · · Score: 1

      IMHO, the perfect is the enemy of the good. Even though metadata is not protected, data is, so if Yahoo gets hacked, people's E-mail is protected.

      One doesn't have to use their OpenPGP extension, nor their authentication. I'm glad it is available.

      As for metadata, we already have a way for this. NNTP and alt.anonymous.messages. There is a DEFCON report on how good/bad this security is... but if you really want privacy, this is the next step up because the messages go to nobody in particular... just the newsgroup.

      Overall, I'm happy someone is working on PGP/gpg stuff. It is boring to developers compared to shiny new (and likely insecure) stuff, and has been neglected for years, but it is one of the few security protocols that actually works and has stood the test of time.

  10. They should adopt SQRL by mrlinux11 · · Score: 5, Interesting

    SQRL completely eliminates the need for passwords https://www.grc.com/sqrl/sqrl....

    1. Re:They should adopt SQRL by awol · · Score: 1

      And everyone in the UK speaking world dies laughing / retching.
      Cheers,....

      --
      "The first thing to do when you find yourself in a hole is stop digging."
    2. Re:They should adopt SQRL by mrlinux11 · · Score: 1

      Not sure what you see as funny here?

    3. Re:They should adopt SQRL by OverlordQ · · Score: 1

      Steve Gibson is still relevant?

      --
      Your hair look like poop, Bob! - Wanker.
    4. Re:They should adopt SQRL by Bacon+Bits · · Score: 1

      My best guess is the Cybex SQRL bike may be well-known there.

      However, I don't really like the idea of SQRL. Neither this protocol, nor GRC, has a particularly good reputation in security circles. [SQRL doesn't seem to do what it claims very well](http://security.stackexchange.com/questions/43374/could-sqrl-really-be-as-secure-as-they-say).

      --
      The road to tyranny has always been paved with claims of necessity.
  11. Good news! by Anonymous Coward · · Score: 1

    Finally there is a way for the NSA to easily link your Yahoo email address and your mobile phone number.

    Just make sure to constantly use your GPS on your phone, you'll be safer that way.

    Remember, if yahoo cannot sell your data, if the NSA cannot read your email the terrorists win.

  12. Um no. by Drethon · · Score: 1

    You are not constantly sending me text messages every time I want to log in. It annoys me enough to deal with this the first time I authenticate a machine with Gmail but at least that is just one time.

  13. Hillary Clinton by spamking · · Score: 1

    I bet Hillary Clinton wishes this was an option for her "private" email account.

  14. A secure SMS ? by lolop · · Score: 2

    As SMS are far from secure, they just transmit the key access to your emails as readable by [nsa]body.

    --
    -- Laurent Pointal
    1. Re:A secure SMS ? by BarbaraHudson · · Score: 1

      First, this entire thing is optional, so everyone who is getting upset about "needing to have a phone" should just calm down.
      Second, you don't need to use a web browser or sms - they have an app for that.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  15. Re:This is likely bad news.... by CronoCloud · · Score: 2

    I checked out the link, there was no mention of what kind of encryption they will be implementing.

    Actually, one link directly says what kind of encryption:
    https://github.com/yahoo/end-t...

    Use OpenPGP encryption in Yahoo mail.

    Yahoo End-To-End
    A fork of Google's End-to-End for Yahoo mail.

    and the other link shows it in action:
    http://yahoo.tumblr.com/post/1...

    If you watch the gif, you can see a PGP code block

  16. Re:No Phone by Torp · · Score: 3, Insightful

    I have one, but I don't *trust* Yahoo with it. The moment i won't be able to log in without my phone is when I give up on their services...

    --
    I apologize for the lack of a signature.
  17. Re:Still American so NSL by f3rret · · Score: 1

    Is that right? I assumed that US law was like UK law - there is no law against using strong encryption but you can be compelled to give the encryption keys to the security services.

    You always have the right to remain silent. You cannot be compelled to give testimony, although they might try to slap you with an obstruction of justice rap.

    --
    Admit nothing. Deny Everything. Make Counter-accusations.
  18. Let's tie my comm links inseparably together by gsslay · · Score: 4, Insightful

    Oh no, my phone is dead/stolen! Better email people and tell them not to phone me and I'll be reachable by email.

    Just need to log into my email and ... ... shit...

    1. Re:Let's tie my comm links inseparably together by kaiser423 · · Score: 2

      I would hope that Yahoo is smart enough to do like Google does and have a set of one-time pads that you can refresh at any point. I always have a couple written in my wallet just in case I sit down at an untrusted terminal and my phone is dead.

    2. Re:Let's tie my comm links inseparably together by houghi · · Score: 1

      So what is your alternative?

      I hear people bitch and moan. The IT people only look at their own system and not to the weakest link, the human.

      I have at least 25 different places I need to enter a login and password. I am not able to select logins for at least 10. I need to change passwords of at least 10. I need to change them on different intervals (the 30-day ones are terrible). I have some with a maximum amount and some with a minimal amount.
      I am not able to install software, nor have access to anything on all places I need them.

      So what is a GOOD solution? All solutions I have gotten were to install X, which I can't do, or use website Y, to which I have no access.

      Oh and I obviously can't use any system in the passwords as that would be unsafe and I can not use the same one for any of them.

      So the only way to do this is to make it less secure by at least dropping one and possibly more than one requirements to have a secure password system. It is either that or having no access (which is what every BOFH would love.)

      So please find a generic solution for the multitude of passwords and logins.

      --
      Don't fight for your country, if your country does not fight for you.
    3. Re:Let's tie my comm links inseparably together by AHuxley · · Score: 1

      The problem long term is people feel very secure with a phone and fancy new code.
      Only the site sending the code and 'the users' phone will ever know :)
      The phone is on all day, the logs are kept for years, lots of different groups might get the logs in bulk for official use or even local legal issues.
      That's a very long term record of a username, when created and all connected phone activity, movements over many years.
      The multitude of passwords and logins do offer a user the ability to only keep data with a desktop or a device or one company.

      --
      Domestic spying is now "Benign Information Gathering"
  19. Re:Actually, not so great if you have a mobile phon by BarbaraHudson · · Score: 1

    While my Mobile Phone has a lock screen, text messages are briefly displayed in it even in lock mode. Which means anyone who has my phone can briefly see the plain-text 'code' that Yahoo will text that number, even if the mobile device itself is locked for normal use. So (setting aside the legitimate issue that I may not have cell coverage all the time), it would seem rather easy to bypass the security mechanism here, because Yahoo is essentially putting my reset code out to an unsecured endpoint in a publicly visible manner.

    Settings | Sound and notifications | When device is locked | Don't show notifications at all. Problem solved, at least on Android :-)

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  20. Re:Still American so NSL by BarbaraHudson · · Score: 1

    In the US, when the judge orders it and you don't comply, it's contempt of court. He'll have you thrown in jail until such time as you agree to unlock your phone.

    There's a case going through Canadian courts where someone refused. We'll let you know what happens, if anything, because apparently this was the first time that a Canadian has refused to let Canada Border Services (CBS) look at their phone and CBS decided to make an issue of it.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  21. Re:Not what it seems by courteaudotbiz · · Score: 1

    If you want anonymity and/or privacy, just don't go with the big companies. Period. I use openmailbox through TOR and using email addresses with false names, this does a better job at anonymity. As for privacy, I f**king keep my personal info to myself.

  22. Re:Still American so NSL by John.Banister · · Score: 1

    I don't think the suggestion was relating to what the US government can compel from users of Yahoo's service, but rather that they could compel Yahoo to provide the government access to that user's emails while simultaneously compelling Yahoo to deceive the user about having done so. The notion is that Yahoo could show the world source code and intend to use it, but when it came time to actually put it into use, the government could come and force Yahoo to use different code, written by the government, while also forcing Yahoo to lie to the world, claiming that it's using the code it had originally intended to use. Five years ago this might sound like a bizarre conspiracy theory, but now it seems much less like a question of whether the government would try than a question of how successful the government might be at forcing all the Yahoo employees who would have to know about the lie to keep it secret.

  23. Great, if you do not want to give away your privac by allo · · Score: 1

    ... privacy.

    No phone number, no yahoo or google account for you. Because ... the NSA wants to know you.

  24. Going to be a noob by Ronin+Developer · · Score: 1

    Please...serious answers only...I don't care if you hate/love Apple or Android.

    But, what is the likelihood of the following:

    1) Malware running on your non-jailbroken iPhone?
    2) Malicious scripts running in the browser talking to other apps on the device?
    3) Potential for your SMS traffic to be intercepted on a non-jailbroken iPhone?
    4) Ability of an app to access SMS traffic on an iPhone?

    Now, apply the same questions as they apply to the latest incarnation of Android?

    My understanding is that the sandboxed nature of iOS would/should prevent malicious apps from being run (assuming you don't download one from the store or have allowed someone to physically compromise your device). iOS does not allow one access to received SMS traffic (unlike Android). This means a user would have to manually enter the received token. To gain access to pushed traffic, something like APNS (on iOS) or GNS (Android) might be a better solution. Dumb phones can use SMS.

    I would not suggest accessing your email from the same device as your token receiver, but can iOS' sandbox architecture provide enough of a firewall?

    Are there exploits in the wild for iOS and/or Android making this a serious threat?

    1. Re:Going to be a noob by AHuxley · · Score: 1

      It depends on how interesting you are and who you work for or where you travel.
      Or the resale or fun of getting massive amounts of account logins.
      Security services, federal, state gov, a local court, local gov, a private group that works for local gov, staff that has local gov access, a private group that works for contractors with access, a person who can afford to request the account be found, tracking a journalist who had a email from that brand of email provider.
      Tracking back that person's phone gets to be interesting for anyone interested in that person or just after seeing their email used in public online.
      What the security services can do with malware like tools should be well understood in 2015.
      News about telco keeping phone logs over decades is now public.
      The social engineering, honeytrap of a person, 'perfect' new friend getting near the phone?
      Seen walking or driving near a protest away from the First Amendment zones, been near a journalist? When does a phone and all its accounts become interesting?
      The "sandbox architecture provide enough of a firewall" exists for keeping other end users out.

      --
      Domestic spying is now "Benign Information Gathering"
  25. sigh... by koan · · Score: 1

    "But Yahoo says they think it's "the first step to eliminating passwords.""

    And another in a long line of steps that remove any anonymity from the user.

    --
    "If any question why we died, Tell them because our fathers lied."
  26. Re:Actually, not so great if you have a mobile phon by studpuppy · · Score: 1

    But that assumes you don't want ANY text messages displayed. I need to see most text messages when in lock mode, and there's no way to screen this specific type of notification out. One approach would be for the initial message from Yahoo to not contain the actual code, but rather require a response before sending the actual code in a second text message. And yes, text messaging rates would apply :)

    --
    The last time I wrote code, it was Morse
  27. Looks like they failed by Vektuz · · Score: 1

    From their intro video it appears that you generate your key on their website and even have a backup code that lets you retrieve it. How is this end to end? If they can retrieve the key for you and hold your private key for you, they can be compelled to release it (or knowing Yahoo's track record, accidentally leak it or get hacked).

  28. The NSA can read your txts too by johncandale · · Score: 1

    The NSA can read your txts too. If they get a copy of the email not hard to get a copy of the txt to decode, right?

  29. Pay per received text by tepples · · Score: 1

    There is also a middle ground between people who live on their phones and people who live without one. It's called prepaid mobile phone service, and it often carries a fee of 20 cents per sent text message and 20 cents per received text message. Having to pay 20 cents every time you log in to Yahoo! is not fun.

  30. Public libraries offer one, not the other by tepples · · Score: 2

    I don't even have a computer or internet access and they wouldn't let me sign up.

    I see the point you're trying to make with your sarcasm, but there's a difference: Public libraries offer Internet access. They do not offer SMS access.

  31. Can it be based on the sender? by tepples · · Score: 2

    Then perhaps the right way to think about it is that the cost/benefit analysis differs depending on the sender. If the sender is Yahoo! or another authentication service, show only the sender. If the sender is anyone else, show the sender and a few words.

  32. Yea, Symantec....ok by tacokill · · Score: 1

    This is a solved problem, although by a commercial solution. Symantec's Encryption Desktop....
    I stopped reading after that. If you think Symantec is a solution to any problem that exists, then we'll just have to agree to disagree.

    1. Re:Yea, Symantec....ok by tacokill · · Score: 1

      Symantec is subject to national security letters just like every other US company that exists. If they received one, they are prohibited by law from telling you what they do to assist the government with their products.

    2. Re:Yea, Symantec....ok by RockDoctor · · Score: 1

      If you think Symantec is a solution to any problem that exists, then we'll just have to agree to disagree.

      Does Symantec provide a solution for the problem that is Symantec? In particular, their atrocious (as I recall ... it has been a long time) uninstall programmes.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  33. Unsupported carrier by tepples · · Score: 2

    Can't you just make a throw-away VOIP (Skype, etc) number for this purpose, then get rid of it?

    You can make it. You can try to use it. But when you do, Yahoo! will probably reject it as "unsupported carrier" the same way it does land lines.

  34. Re:Actually, not so great if you have a mobile phon by BarbaraHudson · · Score: 1

    You can also do it on an app-by-app basis.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  35. Leakage by BatesMethod · · Score: 1

    Try accessing this URL while logged in to Yahoo.

    https://developer.yahoo.com/yql/console/?q=select * from social.profile where guid = me

    Are you able to harvest a phone number using YQL?

    I was. Disturbingly, even after "deleting" the phone number from my Yahoo profile, the query result still includes a phone number.

    On a related note, I wish Yahoo would at least properly implement OpenID Connect before delving into more exotic login scenarios.

  36. Yahoo making you a locked in user by lsatenstein · · Score: 1

    With the yahoo encryption module, you will require a yahoo decryption module. Ergo, reading encrypted yahoo mail from gmail will or should not work.

    I am certain that this non-universality concept will be equivalent to floating a lead balloon.

    --
    Leslie Satenstein Montreal Quebec Canada