New
#1
Yahoo Mail and recent security issues
Hello,
As a Yahoo mail user, what service might I switch to that could be more secure, that are currently available?
Thanks for any assistance!
glennc
Yahoo Mail and recent security issues
-
-
New #2
Hi glennc
Gmail and Outlook.com (hotmail) are both excellent products. That said if I was an Android phone user I would take gmail.
If you want to add a security layer I would enable two step verification.
Ken
-
New #3
Howdy Caledon Ken,
Thanks for the suggestions! I must say that I've used the same ATT server and Thunderbird for all my mail for a long time. The concept of switching over seems daunting. Might you elaborate simply on the two step verification. Old dog and new ways kinda issue!!!
glennc
-
New #4
Hi Glen
Moving email accounts in between the big houses is easier then one thinks. You can export you contacts and import them into your new account, you can turn on forwarding so mail will be auto routed to your new account and finally you can have a message sent back to the email originator saying my new email address is xxx@yyy.com
Now I see you use Thunderbird so that could add a little to the discussion or it could make it easier if your contacts are in Thunderbird and not Yahoo.
First if you were part of the Yahoo break in you should be asking yourself, where else did I use those same Security questions. Lots of discussion around the security of Security Questions but that is a discussion for another thread. The important thing here is if you answered my oldest nephew is Taylor then you should change this on other sites where you used same question.
Two Step Verification is a process introduced by all the big suppliers to make your account more secure. Twitter, Facebook, Apple, Yahoo, Gmail and Outlook.com are just some of the big names that have adopted.
It is based on something you know, your password, and something you have, normally your phone. When you enable the process, signing in is “Two Steps”. You enter your password and the system challenges you for a code. Some people are familiar with this as they had small fobs from work that kept changing numbers every minute.
Different sites implement Two Step differently. Most sites are using texting as the code generator. You log in, you enter your password, it sends a code to your phone, the thing you have, and you complete the transaction by entering the code. Using this method, even if someone knew your password the chances of them guessing a multi digit code are nil.
Other sites allow you to use a code generator which you load on your phone (or tablet) as an app. You sync to your account by taking a picture of the QR code and from there every minute a new code is generated for that account. You can have many accounts in the generator.
Some will say this is very inconvenient, it isn’t, as most sites allow you to remember your device. So you only get challenged on your home PC once if you are using the “Keep me signed in”, option. Same with your tablet or phone, you sign in once however the assumption is you secured your tablet or phone with a password. (and a delete my device after so many wrong guesses)
Should you lose a phone or tablet you log into the main site and remove the access from that device.
Now with two step verification you need an “App” password to sign in from clients like Thunderbird, Outlook 2016 or mail apps like Windows 10 mail. You get this “app” password, which is a use once password, from the security page of the web site. By use once password, I mean if you had Thunderbird you need an App password and you need another app password for phone. You enter it instead of your real password when you login first time and that password is remembered.
Now there is one notable risk when using two step, if you are signing in from somewhere strange, say a hotel PC, and you’ve lost your phone you are sort of done. To counter, some sites, like Gmail, allow you to download 10, use once, “magic” codes. These you can carry in wallet. The codes are useless without password and you can generate 10 new ones whenever you wish. Some people have even managed to lock themselves out at home if they lose phone. Most sites provide an alternate.
Two step isn’t for everyone due to the complexities of having a password and “App” password for each device / client and some people don’t have or will not use texting. In that case, use long, easy to remember passwords.
You can search how to enable two step for each service on google and the members here likely have working experience that can help.
Ken
-
New #5
Wow, many thanks Ken. That was clear but rich with content... I will have to read it over a few times to fully grasp it. I like security, might be worth the effort if I get to the understanding part :) ! Thanks again
glennc
-
New #6
Gmail and Outlook Mail are the two big free Email providers.
I would sign up to both.
I'm not that keen on Gmail because of past problems with loosing access for a while and having to jump thru hoops to get it back.
Even now they say I sign on with another device when I use the Webmail interface rather than the Mail App, on the same Laptop.
That's one reason why I don't use 2 step verification. Very inconvenient and problematic.
-
New #7
Hello Helmut,
Have to rely on testimonials, thanks. Was thinking of first trying Outlook. Thanks for your take on 2 step!
glennc
-
New #8
Interesting. I use two step for gmail and have no issues. I sign in from Desktop, chrome browser, iPad and iPhone using gmail IOS mail app. As well it is connected to both my Macbook, using chrome, and my Win 10 laptop, using chrome. Only challenges me when I sign in somewhere strange and I have generator app on phone.
I wonder what the differences are apart from I'm Chrome and Gmail app based rather than Windows apps.
I also have two step on my second Outlook account which is synced to Outlook 2013 an iPhone as well as Twitter, Facebook, Apple and Yahoo.
-
Quote
Related Discussions
