Welcome to WebmasterWorld Guest from 54.196.231.129

Forum Moderators: werty

Message Too Old, No Replies

Yahoo! Launches Sign-in Seal to fight Password Theft

Sign in Seal

     
7:10 pm on Feb 8, 2008 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 26, 2007
posts:84
votes: 0


Hi there,

We’re launching the Sign-in Seal feature on the Log-in page of your account to help fight password theft and phishing scams.

A Sign-in seal is a secret message or photo that Yahoo! will display on one computer only. You have the option to create a custom seal or text for signing into Yahoo! Search Marketing. The seal is there to tell you that you're seeing a genuine Yahoo! site, not a phishing site. If the seal is not there, it could be a fraudulent page created by a phisher to hijack your account.

The seal is cookie-based and linked to one computer (not your Yahoo! ID); so you need one for each computer you use. This is available in the US market only.

For more details read our Yahoo! Search Marketing blog post: [ysmblog.com...]

Thanks for your feedback!

My best,
YahooPete

6:24 pm on Feb 10, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 22, 2005
posts:1152
votes: 4


Very interesting, Pete. Thanks for the news.

We're looking at security on a new project we're starting now. Our PHP people have outlined some annoying problems with the basic email link after registering with user name and password.

Our new site will have the attention of teens and pre-teens, so they might take a run at playing around with it.

Anyone here know of providers of this kind of "sign in seal" that Yahoo is providing? Anyone else had any experience with this, good or bad?

I'd be interested in reading a paper or report on the pros and cons of this. As YahooPete's link noted, this kind of thing is getting common at banks now.

6:52 pm on Feb 10, 2008 (gmt 0)

Preferred Member

5+ Year Member

joined:July 13, 2006
posts:500
votes: 0


I do not think you will need a provider, it would be fairly simple for you to implement (assuming there are no patents on it or anything)

The system works like this...

1. User uploads a photo or special text.
2. Yahoo dumps a cookie on this computer with a reference to the image.
3. When the user visits yahoo they will see their photo or message, if it is not there then they know it is a scam.

It sounds like a good idea.

7:22 pm on Feb 10, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 14, 2006
posts:652
votes: 0


"This is available in the US market only"

Will Yahoo ever learn that the Internet is a global thing?

7:23 pm on Feb 10, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 8, 2004
posts:1679
votes: 0


The problem with those scams is that victims are usually the people who will never even consider uploading such images, and those who do are probably careful enough not to fall for scams that typically come from email spams.
2:03 am on Feb 11, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 7, 2003
posts:4783
votes: 0


Social engineering for the bad guys around such a measure is trivial. All they have to say is that there is a (unspecified) problem with the system and the victim needs to do something.
[What they are already telling victims anyway to get their passwords.]

Limiting to one country in the world seems well ... not what the Internet is about.

2:09 am on Feb 11, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 22, 2005
posts:1152
votes: 4


I do not believe you upload a picture. Instead, you select a picture from a list.

Why did Yahoo put this on the search accounts, but not, say, email?

3:19 am on Feb 11, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 4, 2002
posts:1958
votes: 0


>> Why did Yahoo put this on the search accounts, but not, say, email?

It is available for mail - that is where I saw it first (over a year ago?)

6:02 am on Feb 11, 2008 (gmt 0)

New User

10+ Year Member

joined:June 22, 2005
posts: 20
votes: 0


I live in Canada and I have just created a Sign-in seal for my email account - which is uk based.......?

trouble is the form doesn't work with Mozilla firefox but does with IE7 and I never use IE. Yahoo should make it clearer to people who may not know that this is a browser based strategy not one that is based on "your computer".

interesting idea, but is still vunerable to cookie hijacking.

8:09 pm on Feb 11, 2008 (gmt 0)

Full Member

10+ Year Member

joined:July 19, 2005
posts:211
votes: 0


"This is available in the US market only."

I beg to differ, I'm in Iceland and have already set it up. Might explain though why the first one I entered ca. one month ago disappeared again. I was worried for a while that the phishers ruled my computer.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members