I’ve been reading about how lots of online services now use 2-step authentication or verification to ensure that no-one else breaks into your account and it sounds great. I have a cellphone that’s always with me, so the idea of the system sending a temp second password to my cell phone and requiring that I enter that too sounds great. But does Yahoo have it yet?
As I write this, Yahoo’s 2-step verification system is still in beta, but if you’re in the USA or Canada, you should be able to tur it on and add to the security of your account. Problem is, they have a kind of half-hearted implementation when compared to sites like PayPal or Google, because however you configure it, the system only adds the second challenge if the device logging in hasn’t been seen before. This means that, for example, if someone has your password and uses the same computer you’ve done in the past they can still get into your account without any 2-step anything.
Still, it’s better than nothing and I’m such a big fan of a security system that’s a combination of what you have (your cell) and what you know (your password) that I still highly encourage every Yahoo user to enable this additional level of security!
To turn it on, log in to your Yahoo account, then click on your name in the top left corner. In this example, I was in Yahoo Mail:
If you’re thinking that “Account Info” is the correct choice to make off this menu, you’re right. Do so and you’ll need to log in again…
Given that you’re going to change your account settings, you should be glad that you need to verify that you do have legit access to the account. It’s a good thing. Enter your password, click “Sign In” and you’ll be on the account settings page.
On that page, look for the choices under the title “Sign-In and Security”:
Changed your password recently? If not, take a two minute detour and update it. A good security step.
Now scroll down and click on “Set up your second sign-in verification”.
No, really. You want to do this. Click on the check box adjacent to “Check this box to turn on the second sign-in verification” and a small window pops up:
If it isn’t showing your current mobile number, click “Use New Phone”. Make sure it can receive text messages!! If it is the right phone number, click on “Use Current Phone” and Yahoo will send a short text message to the device and prompt you to enter the code:
On my iPhone, the message looked like this:
I entered the — obscured in the picture — ten character code and clicked on “Verify Code” and it was all set up and ready to go!
One wrinkle, though. By default the 2-step authentication is only one of two ways to confirm your identity when logging in. That’s daft:
I suggest you do what I did: select “Only use my mobile phone number for verification”. It’s more secure and it’s frankly why you set this up in the first place.
So there you have it. Yahoo’s got a little ways to go with this when compared to other sites with this similar 2-step verification system, but it’s still better than just a password.