Yahoo! Mail security issues.

I’m seeing a lot of issues with Yahoo Mail accounts being compromised, so I’m posting my notes here and will update as I understand the problem better.  An example is when you get e-mail from friends with a single, SPAM URL in the message and it’s sent to 10-15 people (in alpha order) from their Yahoo! Contacts.

I suggest that you NOT check the box ‘keep me signed in’ when you log into Yahoo Mail (highlighted in red rectangle on screen shot below).  From what I can tell, some web sites with malicious content take advantage of cached Yahoo credentials and send mail with these SPAM links to everyone in your Yahoo contact list.

I also recommend using “two-factor authentication” wherever possible.  Two-factor authentication combines something you know (your password) with something you have (phone number, cell phone).  When accessing a web site, you enter your password (something you know), and are then prompted to enter a code sent to your phone (voice) or your cell (text), which are things you possess.  This is used when resetting passwords on your bank or credit card web sites.

Another option is to consider moving to Google Mail, which appears to be more secure.  I know from testing that Google’s two-factor authentication is quite comprehensive, and I use an Android app on my cell phone to generate a code.

Yahoo login – do not

Yahoo Two factor authentication reference links,2817,2409477,00.asp