There is no 2-step verification option or anything like it.
I login via a BT page but it takes me to a BT-Yahoo page.
BT emailed me last month to say I needed to change my password and security question, because of the Yahoo breach - and in fact threatened to lock my account if I didn't make the change within 7 days. However much that may sound like a scam email, I checked through another route and it was 100% genuine - lots of other folk got the same email too.
I have a friend whose yahoo mail was hacked a few years ago - pw by brute force (I know this for sure, as his wife had changed it from a very secure pw I had setup, to a very simple pw which was easy to remember and easy to hack).
The hacker immediately went into the account and set it up so that all replies to any email would be forwarded to him - to an alias email which was identical except for one character. This way, anyone "replying" would likely not notice the difference.
He then proceeded to go through the existing address list and email all the friends, saying he was out of the country, had been robbed, and needed some money to pay his hotel bill and get on a plane home. The thing is, my friend travels regularly out of the country, and happened to be out of town at that very moment, so it was quite believable.. I got one of these fake emails, immediately noticed the incorrect return email address, and alerted my friend. In the meantime, I was having a fun conversation with the hacker.......
That's just recovery options.
Two-step verification is something that you get asked every time you login (or every time you login from a device which isn't previously verified). Typically it uses something else in addition to your computer (usually a mobile phone), in conjunction with your password, to give more evidence that it is really you trying to login.
For instance this is how it works on a Microsoft account.
https://support.microsoft.com/en-gb/...p-verification
I believe that pure Yahoo users can switch on 2-step verification, and it should help give some more defence against hackers (although using SMS messages is far from foolproof). This was what MartinO was referring to earlier.
However BT Yahoo doesn't ask for my security questions when I login- it only asks for passwords, which is just the one step. I hadn't used my security questions for several years until I changed them the other day.
Every time I log into my M$ account I only need to use my password having already set up two step verification.
Its the same with BT, SKY and every other internet provider.
You obviously do not understand my explanation, perhaps someone else can help.
The idea of two-step authentication is that the verification is only asked when you sign in to a service, email or any other service from a non-trusted device and browser (non-trusted = a device on which you have not used said service before, or in case you have used the device you have selected not to set it as trusted one).
Using an Outlook.com email as an example, every time I sign in to Outlook.com from a new (non-trusted) device, or from a new browser on a trusted device, the security code will be asked. If cookies are allowed, this is then saved and no security verification will be asked from once trusted browser and device. There's no time limit, a once trusted device or browser will remain trusted.
User can of course also select that all or selected devices and browsers will never be trusted and two-step authentication will be required every time simply by not selecting "I sign in frequently on this device. Don't ask me for a code":
This way the browser on this device will remain trusted only for duration of this session, and a security verification code will be asked again on next sign in.
Regarding Microsoft accounts, you have to remember that the same security settings apply to all Microsoft services on a browser; If user has selected to let Outlook.com to ask security verification each sign in, then tells OneDrive.com not to ask the code again on same browser, Outlook.com will also stop asking the code. Trusting OneDrive means that you also trust Outlook.com, and any other Microsoft service you sign in with same email address.
Other services, like for instance Office 365 for Business and Enterprise limit the time how long a device or browser will remain trusted. By default O365 for Business / Enterprise will ask the security verification again in every 14 days. This can be extended by O365 admin for up to 60 days. However, if user prefers to be asked a security verification code every time, he / she can simply choose not to select "Don't ask again for XX days". Doing this, a two-step authentication will be needed every time from every browser and device:
To put it short, a two-step authentication means that user can sign in without any extra efforts on each device and browser he / she has chosen to be a trusted device or browser. Whenever a sign in is attempted from a non-trusted browser or device, authentication is required.
I like the security I get using two-step authentication. I would not even dream about using an email service that does not offer it.
Kari
Each E-Mail address is unique.
Each password is unique.
When setting up an e-mail address with your supplier you will be informed if it has already been registered, and if so you will be offered a choice of alternative amendments....ie- perhaps added numbers.
Passwords already registered will be rejected.
These are your two step verifications......already built into the system after registration.
Quoting the words of a song.....you can`t have one without the other.
Kari, post explains in more detail when you might need further verification.
Last edited by dencal; 03 Jan 2017 at 04:43.
Quote
