Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo Mail Moves From Passwords To Push Notification Sign-Ins (tumblr.com)

Posted by timothy on from the we-think-you're-you dept.

An anonymous reader writes: A revamp of Yahoo Mail includes a new feature which eliminates the password from the sign-in process on mobile platforms, instead relying on the user's phone number as a token of authenticity. Notification-based sign-ins are a network-heavy commitment used with less frequency during some online banking authentication procedures, and by Google and others in specific events such as the need for a password reset. But Yahoo is well-motivated to improve security after a 2014 data breach led to a mass-reset of passwords for affected users.

5 of 78 comments (clear)

  1. Selling Cell Numbers to Advertisers? by Irate+Engineer · · Score: 5, Insightful

    Yahoo Mail has been my throwaway email since about forever, and I have no desire for it to be anything other than that. Yahoo is in such straights now that I would have to read the fine print about what they'll be doing with my cell number and would be very leery about handing it to them. It wouldn't surprise me if this is less a security ploy than a data-mining revenue enhancement ploy.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

    1. Re:Selling Cell Numbers to Advertisers? by JustAnotherOldGuy · · Score: 4, Insightful

      I would have to read the fine print about what they'll be doing with my cell number and would be very leery about handing it to them.

      Same here, with the added caveat that "terms and conditions are subject to change". In other words, once they have it they can basically do whatever they want with it and good luck trying to stop them.

      "Sorry, didn't you read out new TOS? It explicitly states that we can now sell your phone number to the Mobile Marketing Ad Group in India and Bahrain and Brazil and Mexico and Russia and anywhere else we fucking feel like it."

      --
      Just cruising through this digital world at 33 1/3 rpm...
  2. So essentially the phone is my security credential by QuietLagoon · · Score: 5, Insightful
    So if someone gets my phone, they can access my Yahoo accounts because all the knowledge needed to access my Yahoo accounts is contained on the phone and/or Yahoo will message it to the phone.

    .
    What am I missing? This does not sound more secure at all.

  3. Ready for the spam? by holophrastic · · Score: 4, Informative

    Welcome to allowing anyone to make my phone beep a thousand times every minute while I'm at dinner.

    What do you think my father is going to do when his phone asks for authorization that he didn't instigate? He's going to call me saying that his e-mail is being hacked. ...and when it happens a dozen times an hour, he's going to accidentally authorize something -- and then have no idea what's happened as a result.

  4. Re:SIM cloning by fahrbot-bot · · Score: 4, Funny

    You can switch to a new phone number by answering the security questions.

    You'd be surprised how many people can't answer the security questions they set up themselves.

    Not me! My security question is: "What is your security question?"

    --
    It must have been something you assimilated. . . .