Yahoo's email Multi Factor Authentication
This is the second article on multi-factor email authentication. This time we will enable it for a Yahoo email account.
Just as a quick recap: multi-factor authentication is when an extra verification challenge is used to verify the authenticity of the login request. A user name and password combination is single-factor authentication; it is the simplest and most basic form of authentication and has been around for ages. Though effective and reliable, it is not secure enough to withstand the latest attack vectors, including basic social engineering. It is not obsolete by any means, nor vulnerable to easy eavesdropping attacks, since most if not all email providers use HTTPS with strong TLSv1.2 encryption to establish communication and exchange data, but there are ingenious ways to circumvent the hard encryption.
Here's an example of an email client and server establishing a session using TLSv1.2.
HTTPS is something that occurs automatically in the background, and there’s no configuration on the user side. Even though single-factor authentication offers an acceptable level of protection, there are more robust ways to increase security.
A few days ago I logged in to my Yahoo email account and noticed an auto-generated message from Yahoo alerting me of possible unauthorized login attempts. Though I really appreciate the technology behind Yahoo security, I realized I don’t have to depend on their heuristic approach to protect my account, which led me to implement a two-factor authentication solution for enhanced security.
While all that security is taking place in “single-factor authentication”, there’s a more secure way for client authentication known as two-factor authentication. With two-factor authentication you still use your basic user name and password combination but add another verification layer on top of it, thus the two-factor name. The extra verification is something the end user has and is applied at the time of authentication; it can be receiving a one-time code, confirming an email or phone call, using a key fob, etc. Most major email providers support enhanced two-factor authentication, and it is highly recommended to enable it to protect your account. In this article I’ll show you how to enable Yahoo’s two-factor authentication.
In order to take advantage of two-factor authentication you have to enable that function in the configuration settings:
First, log in to your Yahoo account, then click on your name to open up the account properties.
Now select the Account Info link.
Select Account Security. You will be prompted to enter the password for authentication.
Enable two-step verification by moving the button to the right.
You’ll then be prompted to provide a telephone number for verification.
Once you verify the code, two-factor authentication is enabled in your account. If you’re using third-party applications such as Outlook, iOS Mail, etc. to access your Yahoo email, it’s highly recommended you also enable apps password. This is still a two-factor authentication, but it’s designed to work with applications.
Now that you have enabled it, you or anyone else attempting to log in as you will be challenged to enter the “second factor authentication”. Notice the options Yahoo provides: it can send you a text message to the phone you provided, you can receive an automated call which will provide you with a PIN, or you can choose to receive it at an alternate email address.
Once the code is properly entered you will be able to gain access to your inbox.
Enabling two-factor authentication is a simple way to enhance your credential security: even if someone is able to guess the password, they would not be able to gain access to your account unless they have the provided code. Evidently you need to have a way to receive the code; if you don’t have a phone that can receive text messages or don’t have direct access to answer phone calls, then it may represent a bit of a challenge. In that case you have the option of having the code sent to your alternate email address.
An interesting and valid point many people raise about such services is that the email providers are collecting more information on you by storing your phone number and an alternate email address, but if you feel comfortable with that, knowing you’re adding an extra layer of security, then go for it.
Food for thought:
There is a more robust and secure authentication layer, and as you surely guessed, it’s known as three-factor authentication. Three-factor authentication goes beyond the “something you have” found in two-factor authentication; it’s where biometrics and technology come together to add a layer that relies on “something you are”. Examples are retina scanners, facial recognition, hand measurement, etc.
Three-factor authentication is widely used in the enterprise environment, but more small and medium-sized organizations are embracing it as prices become more accessible.