We’re launching the Sign-in Seal feature on the Log-in page of your account to help fight password theft and phishing scams.
A Sign-in seal is a secret message or photo that Yahoo! will display on one computer only. You have the option to create a custom seal or text for signing into Yahoo! Search Marketing. The seal is there to tell you that you're seeing a genuine Yahoo! site, not a phishing site. If the seal is not there, it could be a fraudulent page created by a phisher to hijack your account.
The seal is cookie-based and linked to one computer (not your Yahoo! ID), so you need one for each computer you use. This is available in the US market only.
For more details read our Yahoo! Search Marketing blog post: [ysmblog.com...]
Thanks for your feedback!
My best,
YahooPete
We're looking at security on a new project we're starting now. Our PHP people have outlined some annoying problems with the basic email link after registering with user name and password.
Our new site will have the attention of teens and pre-teens, so they might take a run at playing around with it.
Anyone here know of providers of this kind of "sign in seal" that Yahoo is providing? Anyone else had any experience with this, good or bad?
I'd be interested in reading a paper or report on the pros and cons of this. As YahooPete's link noted, this kind of thing is getting common at banks now.
The system works like this...
1. User uploads a photo or special text.
2. Yahoo dumps a cookie on this computer with a reference to the image.
3. When the user visits Yahoo, they will see their photo or message; if it is not there, then they know it is a scam.
It sounds like a good idea.
Limiting to one country in the world seems well ... not what the Internet is about.
Trouble is, the form doesn't work with Mozilla Firefox but does with IE7, and I never use IE. Yahoo should make it clearer to people who may not know that this is a browser-based strategy, not one that is based on "your computer".
Interesting idea, but it is still vulnerable to cookie hijacking.
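The three steps described in the thread, and the cookie hijacking concern raised in the last reply, as an added server-side sketch that is not part of any post above and is not Yahoo's code. The cookie name, the in-memory store and the signing key are assumptions made for the illustration.

```python
# Added illustration: a cookie-bound sign-in seal. All names are hypothetical.
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
SEALS = {}                            # device_id -> seal text (stand-in for a database)
COOKIE_NAME = "seal_device"           # hypothetical cookie name


def _sign(device_id: str) -> str:
    """HMAC tag so a client cannot mint or alter a device id."""
    return hmac.new(SERVER_KEY, device_id.encode(), hashlib.sha256).hexdigest()


def create_seal(seal_text: str) -> str:
    """Steps 1-2: store the seal and build the Set-Cookie value for this browser."""
    device_id = secrets.token_urlsafe(16)  # random reference, not the seal itself
    SEALS[device_id] = seal_text
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = f"{device_id}.{_sign(device_id)}"
    morsel = cookie[COOKIE_NAME]
    morsel["secure"] = True         # sent over HTTPS only
    morsel["httponly"] = True       # page scripts cannot read it
    morsel["samesite"] = "Strict"   # not attached to cross-site requests
    morsel["path"] = "/login"
    morsel["max-age"] = 60 * 60 * 24 * 365
    return morsel.OutputString()


def seal_for_request(cookie_header: str):
    """Step 3: return the seal to render on the login page, or None."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    if COOKIE_NAME not in cookie:
        return None                 # new browser or cleared cookies: no seal
    device_id, _, sig = cookie[COOKIE_NAME].value.partition(".")
    # Constant-time comparison; a forged or edited cookie yields no seal.
    if not hmac.compare_digest(sig.encode(), _sign(device_id).encode()):
        return None
    return SEALS.get(device_id)
```

A page served from another origin never receives this cookie, so it cannot render the seal. A copied cookie would still render it, which is why the cookie is marked Secure and HttpOnly.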