Tips for protecting your Yahoo! Mail account
- Posted September 18th, 2008 at 12:39 pm by Ryan
- Categories: All-New Mail, Anti-Spam, Classic Mail, General, Security
We want to make sure we give users info about steps they can take to enhance the security of their account. So our VP of Mail, John Kremer, has put together a message (courtesy of the Yodel blog) that highlights many of the things people can do to protect themselves online.
—————————
Mail security tips
There are nearly 275 million Yahoo! Mail account holders worldwide.
Since one Yahoo! Mail address is in the news today, I thought this might be a good time to remind everyone about some online safety tips that will help protect your account. (In order to protect the privacy of our users, we can’t get into specific details of any of our users’ accounts — we know you’d want us to do the same for you!).
- Choose a strong password. It’s like a toothbrush – choose a good one and don’t share it. Your Yahoo! Mail password can be any length and can contain spaces, symbols, or numbers –- letting you come up with something that’s easy for you to remember but impossible for someone else to figure out.
- Avoid using a complete word from a dictionary (English or otherwise) or a name.
- Use at least 7 characters. The more the better. A long but simple password can be safer than a shorter complex one.
- Use a combination of capital and lowercase letters, numbers, and standard symbols (! @ # $ % ^ &, etc.).
- Don’t use personal information that someone could easily figure out. Avoid a password based on information easily obtained about your (a birthday, your child’s name, your phone number, school name, etc.). Don’t use a password you already use for another account, like your bank account PIN. And don’t’ use your Yahoo! ID (or other username) in any form (reversed, capitalized, doubled, etc.).
- Avoid the obvious. Attackers tend to first try repeating letters or number sequences (123456). Stay away from “test” or “password.” And when you change your password, which you should do relatively often, don’t just add a number to the end.
- Create a sign-in seal. Yahoo! and many financial institutions let you personalize your sign-in page to help you make absolutely sure you’re not falling victim to a phishing scam. See a photo of your cat Rupert? You know it’s safe to proceed.
Cybercrime is an industry-wide issue and we’ve been working with the industry in combating it (with innovations like Domain Keys). Rest assured that we take security and privacy very seriously here.
You are the first line of defense. Head over to antispam.yahoo.com and security.yahoo.com for more tips to help you protect your account, your privacy, and your identity.
John Kremer
Vice President, Yahoo! Mail
- Subscribe via RSS
- 48 Comments
September 18th, 2008 at 8:25 pm
I still wish there was a method to keep my entire email session encrypted - I’m quite worried when I notice that I’m viewing my inbox over an insecure http connection - is this going to be part of the next security update? Maybe we can have that option where our *entire* session is encrypted - not just the login screen.
September 19th, 2008 at 12:21 am
Secure access does seem to exist at https://mail.yahoo.com/ but according to Firefox its security certificate is only valid for login.yahoo.com. Perhaps this could be fixed?
September 19th, 2008 at 9:15 am
Sign in seal? How would that be a safety feature? My seal lasts for all of 2 weeks before it disappears. I’ve stopped using it.
September 19th, 2008 at 10:12 am
I some time have a blank space for my Mail, I can’t find (refresh) on my desktop?
September 19th, 2008 at 11:13 am
i do not want your mail..i do not wish to deal with you any more than absolutely necessary. i find you to be a group of sfb’s. get out of my face and quit blocking my regular e mail. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
September 19th, 2008 at 3:49 pm
The recent hack of SPs account really speaks to this issue. Just a few guesses and the hacker was in. Lesson = Don’t keep it simple.
September 20th, 2008 at 12:14 pm
I had this person that says he is in East Africa but lives in Scottsdale, Arizona and asked me for money, he called which it was my mistake in giving him my phone # and he called but he only talked. I need to know how you can get people like that from using yahoo. It has been my site for many years and don’t want to change it but I don’t want people like him ever calling me or writing to me. I blocked him off, but when I refused to send him money, he had a fit…..Selza
December 26th, 2008 at 5:49 pm
Selza,
Please don’t take this the wrong way because from reading your message I’m sure you are a very nice, giving and caring person. But, it is people like yourself that keeps email scammers and spammers in business. This is a rhetorical question but why would you possibly give your phone number to a complete stranger, possibly in need at best, more likely a dangerous stalker at worst? Anyway, if there was one area that really needs a technological breakthrough, along with our internet provider’s and email provider’s cooperation, it is spam technology.
Gungi
September 20th, 2008 at 4:38 pm
22 emails from my account, all dealing with one subject, FOIA request, were somehow deleted without my knowledge. I reported to Yahoo! and they suggested I post to this blog. Considering the Palin problem, I’d like to know if Yahoo! will investigate the unauthorized deletions of those 22 emails and report back to me.
September 22nd, 2008 at 3:37 am
ok…
September 22nd, 2008 at 9:32 am
The security tips outlined in this article would not have stopped Anonymous from accessing Sarah Palin’s account. Yahoo needs to allow users to customize their Security Questions and Answers! I just tried to “hack” my own account and was able to answer all of the security questions via online searches. There are no tools within my account settings that would let me change the answers for these (DOB, formerly lived in, etc). Please address this ASAP!
September 22nd, 2008 at 6:17 pm
Terrie, I don’t know how posting this to a blog is going to help you. I think they’re not giving you very good directions.
Glen is right - if Yahoo won’t let us customize our security questions, we’ll all be stuck using questions that all have answers that are easy to research. The idea is that we should have questions that only we know the answer to. If I have to use my mother’s maiden name… that’s really not a good question. Now, my whole family has access to my account.
December 26th, 2008 at 5:56 pm
Ever think of using fake maiden name? If you can’t change the questions, simply change the answers.Just a thought.
September 22nd, 2008 at 6:19 pm
It also seems that these blog posts are getting censored. I posted a response to my security issue, regarding to the fact that my yahoo mail session isn’t using secure https during the email session - the secure part only last during the login page. After that, your data is open to interception.
September 24th, 2008 at 3:34 pm
One thing that can help keep your email account secure is to keep your yahoo SIGN IN ID “secret”, not just the password. This may go against most of the concept of being part of an online community and most of Yahoo mail assumptions. Consequently many users have multiple accounts, one kind of private and another more public.
However, Yahoo email PLUS address Guard enables one to send and receive email while keeping their sign in ID private ( but it could be A LOT better). I use address guard and I always use a “disposable” address, I have not given out the basic sign in ID to anyone (but !Yahoo defaults make it so that I must really work at this, this is one way it could be a LOT better). Not giving out my (sign in) ID makes it maybe a million time harder for someone attempting to hack into my account.
In fact, if Gov. Palin had used address guard, her email account probably would not have been hacked into. I do not know why Yahoo! does not advertise addressguard and its benefits and security. It is $20 a year, but I consider that a very good buy considering the security protection and I don’t get any spam anymore. And I don’t even use the spam filters. But then spam is a different subject with almost the same solution.
Basically one security problem with free email is that the email address is the same as the sign in ID.
To hack into an account one needs the sign in ID. The hacker types in the sign in ID, and guesses the password or says you have lost the password, then has to answer some simple questions. As noted, the answers to these questions are often quite publicly available.
Yahoo! could improve their mail plus, starting with address guard, but making it more secure and anonymous, non listing, non identifying/sharing defaults. The address guard is a good security feature, but there are a lot more security and anti spam steps they need to take to make it a high quality easy to use product. If they had a better product, I would think they could market it and create more revenue. But it is sad this seems and opportunity wasted.
October 9th, 2008 at 11:19 am
If someone accessed my Yahoo email account by answering the security question and then read emails, is it punishable by law? What can I legally do about it? Would it be even worth my time to try to prosecute? Nothing was stolen from me, no bank account info or anything like that. Just emails that I had were read. Please help!!
September 26th, 2008 at 5:10 am
My account was hacked and it seems to be torture for Yahoo to help me. I can’t get a helpful response from the Account Security team. They have the information they’ve requested and it seems like they are just sitting on it. I got an email in my alternate account that my pw was changed and had it reported and the information provided to them within 2 hours. A day later, nothing has been done. Very frustrating.
September 26th, 2008 at 10:08 am
I think I accidentally marked a message as spam how do I undo this problem? I really need to get emails from this person. Thanks for your help.
September 27th, 2008 at 10:14 am
Thanks for help but not need because have’nt the website and i work so how know
September 29th, 2008 at 2:55 am
I’m really getting bombarded by spam even with spam plus. One of my relatives keeps insisting on forwearding spam email harvester emails and now the spammers have my email its getting bad again. I dont think spamguard plus is working as well as it could and now I’m getting spammed in Kangi.
What would help is if there was a way of easy to use black and whitelists. The filter functionality does this - sort of - but is really difficult to use. I’d like to be able to right click on a message and add it to an “approved senders list”, or a “blacklisted sender” based on subject. email address or keywords. For example I want to be able to move anything that includes Nigeria and Million into my blackisted sender.
this would really help
December 7th, 2008 at 12:02 pm
do you have a problem with Nigeria or something?there are as many scammers in almost every country around the globe.I’m not supporting this act but to come to publicly declare Nigeria as being blacklisted,men you have issues you need to sort out yourself.As a matter of fact,Nigeria is going to be the most desired country to live in by 2025.I’m a Nigerian and I’m proud to say that okay.Nigeria is the most blessed country in the world,just wait and see.
December 26th, 2008 at 6:23 pm
No offense but the person probably doesn’t know anyone from Nigeria and frankly neither do I. So, do you think it is OK to receive 15 spam mails a day from Nigeria if you don’t know anyone from Nigeria? And by the way, they clearly say they are from Nigeria.
ps: sunil, if you are using Winmail that comes with Vista, you can block emails from specific countries (not just Nigeria) in the ‘Tools > Junk email options > International’ tab. If you use Yahoo Plus you can use ‘POP & Forwarding’ in the ‘Options’ section to send your emails to Winmail or Outlook directly. If you use the free Yahoo, then use ‘YPOPs’ to accomplish the same.
Gungi
September 29th, 2008 at 11:18 am
Hi - regarding Yahoo mail, security and privacy - I am thinking about switching from Gmail to Yahoo. However - there is a serious privacy issue that worries me.
When I signed up for my new Yahoo email, you created a public profile
for me, like this:
http://profiles.yahoo.com/MY_YAHOO_EMAIL
Now - any spammer can easily check for new profiles (automated scripts, for example - as non-existing profiles give an error page, as opposed to the ones that do exist), take the user ID and start spamming. Why is this made public? How can I switch off/hide the main public profile?
I have emailed the Yahoo member directory - but apparently, you can not switch your mail profile off.
Within MINUTES of opening my new email account I started receiving spam.
Don’t you think this is a serious privacy issue - you are basically making all new Yahoo email accounts public? Why not put all new Yahoo emails on the side of a bus? In Russia.
Best regards!
September 29th, 2008 at 7:55 pm
thank you for finding my account back
September 30th, 2008 at 12:09 pm
Would you please help me reinstate my old inbox email, it was accidently deleted from recycle bin…Please help .
October 2nd, 2008 at 4:09 pm
Hi
October 2nd, 2008 at 4:10 pm
Iwant my inbox
October 5th, 2008 at 8:55 pm
sunnis comment on blacklisting e-mail from nigeria million $$ made me laugh plese let us block un wanted e-mail ,spam, hoax,scamartists etc.. thank you.
October 5th, 2008 at 8:56 pm
please let us block un wanted scam artist scammers cons, a black list would be helpful make this happen for us.. please???
October 7th, 2008 at 7:35 am
I do not trust,believe whatever you say guys!!!!!!!!!! I mean this is unreal, you tell us to do one thing and the next minute it ain’t safe to do so???? and bla bla bla.Can you just be straight. Just let us know if the safest thing ever to do is just cancel and change an account every week………….OK??????????
January 3rd, 2009 at 6:02 am
Yes, the safest thing to do is cancel your account. Ask any Professional person who’s job is to fully educate & protect minors as well as adults from the dangers of cyber strangers…..as in: how your info is secretly traced/obtained & lack of privacy. Yahoo is like a box of chocolates….u never know what’s out there.
October 14th, 2008 at 10:29 am
Hi ,
Great new update to Yahoo Mail , Well done Yahoo. I can’t wait to start using the Calender once I log in later.
October 14th, 2008 at 10:30 am
Hi ,
Great new feature , Well done Yahoo. I can’t wait to start using it.
October 17th, 2008 at 5:05 am
My yahooe-mail won’t let me send pictures, says can’t find host smtp
HELP
October 20th, 2008 at 11:12 pm
my yahoo messanger s lock
October 21st, 2008 at 4:10 pm
When is Yahoo going to fix the disconnect between the new Flash Player 10 and the Yahoo Mail chat function? Cannot use chat from within Yahoo Mail now that Flash 10 is installed…and it’s been broken for several days now. When will this be corrected?
November 9th, 2008 at 5:00 pm
yes, this is making me crazy
November 10th, 2008 at 6:45 am
I just wish that all of the “Spammers” would leave us alone. Especially from other mail accounts. I have found out from the FCC that it is illegal for anyone in the U.S. to give “them” info, but not vice versa. Imagine that! So, if your email gets shut off from another person complaining that is not from the U.S. and/or has a Yahoo account, then it is tough luck for the U.S. Citizens? There has to be a way to combat this!!!!
People of the United States of America,
Under One Nation,
Undivisible,
For Liberty and Justice for All,
We the People for the People, by the People
Let us unite together and combat these spammers and place them out of business by tring to steal from our elders, brothern and sisters alike.
December 26th, 2008 at 6:46 pm
I applaud your patriotism, however, it is Indivisible’, not ‘Undivisible’.
November 18th, 2008 at 6:35 pm
I logged in on Saturday evening 11/15 and realized my entire e-mail account - over 3000 e-mails from the last 5 years are gone, deleted, no where to be found. All my folders are gone as well. As for my identity, if you were to receive an e-mail from me in the last couple of days instead of it showing – my name as the sender it displays an obscene statement. I contacted Yahoo mail support through a form and asked to restore my e-mails. Yahoo requires 20-30 hr window to be able and retrieve messages, I gave them 24 and was told it is outside of their window??? I then gave 20 hr and received the same answer. It has been 3 days of back and forth. Of course now, I am outside of that time frame. As for my identity, after finally reaching someone by phone, I was showed how to restore my identity (name of sender). Everything looks good, until you check your sent e-mails and realize there is no record of any e-mails being sent – 0.
I also reviewed some test e-mails to a Gmail account. The sender identity seems to be my real name, however if you hover over my (sender) name you will see the same obscene statement following me around.
I lost all my e-mails, and my identity has been compromised, this is some serious breach in your system’s security.
November 19th, 2008 at 6:00 pm
I am getting a “YAHOO LAST WARNING !!! (VERIFY YOUR YAHOO ACCOUNT TO AVOID IT CLOSURE)” e-mail. It is asking for my information - is this for real?
December 8th, 2008 at 2:54 pm
I got that too. I marked it SPAM but it keeps showing up. Let me know if you find out what to do. Thank You.
December 4th, 2008 at 6:43 am
jineshratnawat@yahoo.com
December 10th, 2008 at 3:13 am
put your question before adding comments.
yes i added and sent an invitation to both jineshratnawat@yahoo.com
and jineshratnawat@gmail.com
reply me on jinni_lopez@yahoo.com
December 5th, 2008 at 12:15 pm
The address line fshowing or our yahoo mail is http://us.mc317.mail.yahoo.com/ .
Is this a virus? What should I do?
December 8th, 2008 at 2:52 pm
I keep getting e-mail from someone acting like yahoo saying I need to update my account. They want all my nformation. Now if this was yahoo , wouldn’t they know all this? I mark it SPAM, but it keeps showing up. What do I do?
January 2nd, 2009 at 3:06 am
I ignore and delete obvious scams, especially the lottery ones.
They are easily identified by the pidgeon english and country of
origin.
June 15th, 2009 at 5:28 am
[...] For more tips, be sure to check out our guidelines for spotting online scams and top tips for protecting your Yahoo! Mail account. You can also head over to antispam.yahoo.com for additional information on protecting yourself [...]