Home › Forums › Archives › Site News & Announcements › Instant Messaging News › Yahoo! Messenger News › Yahoo!’s Newest Feature to Prevent Password Theft
- This topic has 13 replies, 9 voices, and was last updated 13 years, 6 months ago by lavivi.
-
AuthorPosts
-
August 16, 2006 at 4:27 am #24572NessaParticipant
Anyone else notice the new Prevent Password Theft feature? This basically works like most bank sites have implemented lately. You put your image or text of choice and everytime you want to login to Yahoo! on your computer that image should appear, if not, then it’s not a real Yahoo! login site, so don’t sign in!
This is a really nifty feature because there is a lot of people who get their id’s taken when they log into phishing sites, especially the Yahoo! Geocities one’s. So this should really help minimize the number of people who fall into these little traps.
Taken from the Yahoo! Site:
Quote:What is phishing?
Phishing – a play on the word “fishing” – is an attempt to steal your password and private account info. Phishers can set up fake web sites that look like those of trusted companies like Yahoo! to trick you into disclosing your user name and password. To learn more about phishing, visit the Yahoo! Security Center.How does a sign-in seal protect me?
A sign-in seal is a secret between the computer you set it up on and Yahoo!. So when you sign in to Yahoo! from this computer, your sign-in seal tells you that you’re seeing a genuine Yahoo! site, not a phishing site.Why do I have to set up a seal on each computer I use?
Your sign-in seal is associated with your computer, not your ID. It is a convenient way to instantly recognize a genuine Yahoo! sign-in page and be sure that you’re not on a page created by fraudsters attempting to steal your Yahoo! ID and password. Because we associate your sign-in seal with your computer, after you create a seal, there are no additional steps to signing in. Even if a phisher knows or guesses your ID or other personal information, they cannot use it to discover your sign-in seal. Note: Yahoo! will never ask for your Yahoo! ID or password in order to set up or display your sign-in seal.What if I share this computer with family or friends?
If they use Yahoo! too, you should show them the sign-in seal you’re creating for this computer. Even better, create a sign-in seal together so that everyone will be happy to use and recognize the seal.What about public computers?
Always use care when signing in on public computers, such as those located in libraries or Internet cafes. Administrators at these locations may create sign-in seals to help you identify Yahoo! on these machines, but you should not replace one of these seals with your own. It’s best to rely on other methods to to ensure you’re signing in to a genuine Yahoo! site.Will this sign-in seal protect me on sites other than Yahoo!?
No. The sign-in seal that you create here will only appear on Yahoo! sign-in screens. For more information about how to protect yourself online no matter where you are, see the Yahoo! Security Center.What if I don’t see my sign-in seal?
You could be on a fraudulent site, but there might be other reasons why you can’t see it. For example, someone else using your computer may have deleted or changed your seal, your cookies or files on your computer may have been deleted, or you’re using a partner or international Yahoo! site (like BT Yahoo! or Yahoo! India). To be safe, look for these other clues to make sure you’re on a genuine Yahoo! sign-in screen.*Below i added two screenshots, one of how it looks when it’s not in use and one when it’s in use. (And yes i’m still a tigger lover there!) 😛
So what do YOU think about this new feature? Will it help reduce phishing on Yahoo!?
All comments welcome!
Not in Use:In Use:
August 16, 2006 at 8:23 pm #150822EliteNickMemberThat’s actually pretty awesome. I think it will indeed help.
August 17, 2006 at 12:17 am #150827enigma666MemberThis is a welcomed addition to the fight against phishing on yahoo’s myriad of sites. However, that being said it is kind of useless if you’re like me and like to clear your browser cache out every day. Once you clear out the browser cache, your sign in seal & settings get erased and you will have to edit it again for it to work.
August 22, 2006 at 10:23 pm #150821DavidParticipantThat’s utterly useless.
Bank of America’s online banking application has been using this for quite a while now, but they used a server-basesd solution. it’s called a SiteKey, and you select it once, and it’s shown regardless of the browser.
The very fact that it’s cookies based makes it just as easy for the phishing site to say “oh, your cookie is gone, create a new seal.”
Great concept, horrible implementation.
September 3, 2006 at 8:11 pm #150823kyle_bakerMemberNiice writeup. I read this several weeks ago and am just getting to respond to it because this site has come to a dramaticly fast stop! The updates here are getting fewer and fewer. Anyone know why?
September 23, 2006 at 8:29 am #150828TimRockMemberI had several unimportant yahoo accounts/names stolen from me by a few people and they flaunted it to me in a yahoo chatroom. I guess just kids trying to impress people while acting imature talking under MY name inwhich they stole.
Anyway…i completely reformated my hard drive,used the sign-in seal after making a new Yahoo! account/name then IMed all of my old names and told them to try and take this new name i made and the next day they stole it.
Yahoo is very far behind what they are trying to keep up on.Case in point,they need to shoot for a better solution.People can also devert Yahoo! users entering a chatroom to a bogus chatroom that looks like an official yahoo site.
My suggestion is to not use Yahoo!for anything important.if you are then you are skating on thin ice.
September 23, 2006 at 1:19 pm #150824NessaParticipantTimRock;207770 wrote:Anyway…i completely reformated my hard drive,used the sign-in seal after making a new Yahoo! account/name then IMed all of my old names and told them to try and take this new name i made and the next day they stole it.The seal isn’t meant to protect your password from crackers who steal passwords that way. 😉
It’s actually meant to stop phishing (prevents you from logging in into a fake Yahoo! log-in page which is a way some people use to get id’s/passwords.)
And i don’t mean to sound mean, but you basically are asking for your id’s to be taken or else you would have stopped going to that specific room… Especially that last time in which you TOLD them to take your name, The seal won’t stop that and isn’t meant to…
September 24, 2006 at 5:51 am #150829TimRockMember@hatedjealousy 207778 wrote:
The seal isn’t meant to protect your password from crackers who steal passwords that way. 😉
It’s actually meant to stop phishing (prevents you from logging in into a fake Yahoo! log-in page which is a way some people use to get id’s/passwords.)
And i don’t mean to sound mean, but you basically are asking for your id’s to be taken or else you would have stopped going to that specific room… Especially that last time in which you TOLD them to take your name, The seal won’t stop that and isn’t meant to…
I dont think you understand.The way they stole the names are by the fake web pages but the they can duplicate the seal.so my point is that it doesnt work.
so what do you mean by saying@hatedjealousy 207778 wrote:
“The seal isn’t meant to protect your password from crackers who steal passwords that way. ;)“ what way are you referring to?
September 24, 2006 at 1:20 pm #150825NessaParticipantTimRock;207817 wrote:I dont think you understand.The way they stole the names are by the fake web pages but the they can duplicate the seal.so my point is that it doesnt work.I really don’t see any possible way they can duplicate your seal, unless they have complete access to your computer, in which, you have a way bigger problem than them taking your Yahoo! id’s. Plus i’ve seen my fair share of fake Yahoo! log-in pages meant for phishing and NONE have duplicated my seal. 😉
TimRock;207817 wrote:so what do you mean by sayinghatedjealousy;207778 wrote:The seal isn’t meant to protect your password from crackers who steal passwords that way. 😉what way are you referring to?
There is other ways to take people’s id’s other than phishing. I am not going to go into detail about how, but there is both ways and programs people use to figure out another person’s password. And the seal is only meant to protect you from Phishing by creating a seal which you choose on your computer, which is why i find it hard to believe they could duplicate that seal.
But if you insist they can do this, as a warning to all: Always look at the link in your address bar to make sure it says Yahoo!. Also a geocities site does not require log-in, so do not log-in unless you are trying to access your page.
September 25, 2006 at 5:15 am #150830TimRockMember@hatedjealousy 207827 wrote:
I really don’t see any possible way they can duplicate your seal, unless they have complete access to your computer, in which, you have a way bigger problem than them taking your Yahoo! id’s. Plus i’ve seen my fair share of fake Yahoo! log-in pages meant for phishing and NONE have duplicated my seal. 😉
There is other ways to take people’s id’s other than phishing. I am not going to go into detail about how, but there is both ways and programs people use to figure out another person’s password. And the seal is only meant to protect you from Phishing by creating a seal which you choose on your computer, which is why i find it hard to believe they could duplicate that seal.
But if you insist they can do this, as a warning to all: Always look at the link in your address bar to make sure it says Yahoo!. Also a geocities site does not require log-in, so do not log-in unless you are trying to access your page.
The seal doesnt prevent password theft.So if there are more ways to steal passwords by the flaws Yahoo! has,WHY doesnt Yahoo! do anthing about it?
September 25, 2006 at 5:40 am #150826NessaParticipantTimRock;207903 wrote:The seal doesnt prevent password theftIt does. It prevents phishing, which is a type of password theft.
TimRock;207903 wrote:So if there are more ways to steal passwords by the flaws Yahoo! has,WHY doesnt Yahoo! do anthing about it?Well aside from it being a free service, i wouldn’t know. Password taking has been around for as long as Yahoo! has been around, which is why you take proper precautions and remembering the original information you used to create that id, because even when changed, if you e-mail Yahoo! that original information, you have a chance of getting your id back.
Yahoo! doesn’t do anything about a lot of things, so this whole seal deal is actually a step up, because phishing is one of the biggest ways that people get their id’s taken.
Now, the seal may not be the best because it’s stored on your computer and not on a server, so when you delete your cookies, your seal is gone (or if you use a different computer). But hey!, at least it’s good to see them trying something new rather than ignoring the problem.
So, i for one am happy and find this seal useful, since i really haven’t seen someone be able to duplicate the seal in a fake log-in page as you stated.
November 13, 2006 at 1:13 am #150831OptikalMemberI agree with David, this method of prevention is useless. Relying on cookies is not the way!
October 9, 2009 at 7:29 am #150832giraffebeckyMemberI am SO FREAKIN’ ANNOYED with this “Sign-in-Seal”! I have been cleaning out my email for a few days. I have my own process in doing this. I like to have 3 tabs open; 1 for my IN-BOX, 2 for my SENT-BOX and 3rd for my TRASH FOLDER. Ever since I went to edit my account and signed up for this Sign-in-Seal, I’ve had such problems! Every time I leave my IN-BOX tab and go to (for instance) my SENT-BOX tab, click on one of my sent messages, I am directed to SIGN IN AGAIN! EVERY TIME! IT IS SOOOOO ANNOYING!
So – I went back to EDIT MY ACCOUNT and REMOVED the “Seal”. I’M STILL BEING DIRECTED TO SIGN IN EVERY TIME!! Then I looked around in the Yahoo Help section to learn how to DELETE this Sign-in-Seal feature. Told me to do EXACTLY what I had done
(1. On any Yahoo! sign-in page, click on the sign-in seal or move your mouse pointer over the sign-in seal, and click “Change Sign-in Settings.”
2. On the sign-in seal set-up page, click the “Remove” button in the Preview area.
3. Click the “Save Settings” button.).Anyone know how to get COMPLETELY RID OF THIS FEATURE???
October 15, 2010 at 12:06 pm #150833laviviMemberThis is a welcomed addition to the fight against phishing on yahoo’s myriad of sites. However, that being said it is kind of useless if you’re like me and like to clear your browser cache out every day. Once you clear out the browser cache, your sign in seal & settings get erased and you will have to edit it again for it to work
-
AuthorPosts
- You must be logged in to reply to this topic.