Yahoo Introduces On-Demand Passwords

[exfileme]

Yahoo is offering another service to better protect its users' accounts.

Yahoo Introduces On-Demand Passwords : Read more

 

[TechyInAZ]

Thumbs down on this one.

When somebody get's their mail hacked from him/her exploiting a back door into this thing is when they would of probably wished they made their own PWs. Just sayin.

 

[drapacioli]

I don't see how this is any less secure anyway since most services these days will email or text you a temporary password if you claim to forget it anyway, so in theory this is no less secure than existing methods, but is far more convenient than remembering a few hundred passwords at once.

 

[Arabian Knight]

Why not just use the MacAddress as a secondary Password ? we all know Mac Addresses are unique ...

Or maybe Yahoo sells usb dongles with unique pass on it ?

 

[triley]

Why not just use the MacAddress as a secondary Password ? we all know Mac Addresses are unique ...

That's a horrible idea, MAC addresses don't route so the web server has no idea what your MAC address is. It is also trivially easy to get your MAC if you're using Wi-Fi, your phone is probably broadcasting to every access point it sees. You would need some mechanism to query your machine for its MAC which a malicious person just needs software to respond to that query with whatever MAC they wany.

 

[noxxy02]

I am sorry Yahoo, you cannot have my cell phone number

 

[f-14]

A) my phone is password protected, still 2 step authentication
B) so prove you know my yahoo email address by telling me what it is, i don't check my yahoo email by my phone, IT'S A PHONE I'LL JUST CALL OR TEXT.
C) i think it's really pathetic for any on to check their email on their phone unless they travel and are constantly on the go and can't charge their laptops. a 5 inch screen with 480 pixels is extremely bad for your eyes to be reading email, not even to mention trying to type on something where one finger covers 8 keys on touch.

i whole heartedly agree with john connor tho, seems like a trick to sign up for robo calls and ads texted to you much like business fax lines get spammed.

and drapacioli is dead on right. even battle net with the authenticator b.s. does this and the authenticators were 2 step that didn't do much to make it any more secure. there's always a hack for everything.

 

[Arabian Knight]

Why not just use the MacAddress as a secondary Password ? we all know Mac Addresses are unique ...

That's a horrible idea, MAC addresses don't route so the web server has no idea what your MAC address is. It is also trivially easy to get your MAC if you're using Wi-Fi, your phone is probably broadcasting to every access point it sees. You would need some mechanism to query your machine for its MAC which a malicious person just needs software to respond to that query with whatever MAC they wany.

This is not what I meant.,

I meant that Yahoo would not accept any connection from any hardware that does not have that MAC ADDRESS . not to use it as a write in Password.,

 

[triley]

Why not just use the MacAddress as a secondary Password ? we all know Mac Addresses are unique ...

That's a horrible idea, MAC addresses don't route so the web server has no idea what your MAC address is. It is also trivially easy to get your MAC if you're using Wi-Fi, your phone is probably broadcasting to every access point it sees. You would need some mechanism to query your machine for its MAC which a malicious person just needs software to respond to that query with whatever MAC they wany.

This is not what I meant.,

I meant that Yahoo would not accept any connection from any hardware that does not have that MAC ADDRESS . not to use it as a write in Password.,

I know exactly what you meant, still a bad idea. MAC Addresses are not encapsulated within TCP/IP, meaning they are only used within your local subnet. A web server has no idea what your MAC Address is and there is no current mechanism for them to know. There are also currently techniques to easily spoof MAC Addresses making any network adapter appear as any other network adapter, they are currently used to bypass MAC filtering on routers or switches. Most home routers have the ability to clone MAC addresses in order to fool the ISP into thinking that your entire network is only the single machine that they approved.

 

[Arabian Knight]

Why not just use the MacAddress as a secondary Password ? we all know Mac Addresses are unique ...

That's a horrible idea, MAC addresses don't route so the web server has no idea what your MAC address is. It is also trivially easy to get your MAC if you're using Wi-Fi, your phone is probably broadcasting to every access point it sees. You would need some mechanism to query your machine for its MAC which a malicious person just needs software to respond to that query with whatever MAC they wany.

This is not what I meant.,

I meant that Yahoo would not accept any connection from any hardware that does not have that MAC ADDRESS . not to use it as a write in Password.,

I know exactly what you meant, still a bad idea. MAC Addresses are not encapsulated within TCP/IP, meaning they are only used within your local subnet. A web server has no idea what your MAC Address is and there is no current mechanism for them to know. There are also currently techniques to easily spoof MAC Addresses making any network adapter appear as any other network adapter, they are currently used to bypass MAC filtering on routers or switches. Most home routers have the ability to clone MAC addresses in order to fool the ISP into thinking that your entire network is only the single machine that they approved.

lol I did not know that. who is the idiot who made it like this ? I thought that scientists are more clever than that.

cant they build a technology secure enough ? it is easy if you put the rules before designing the hardware. but day after day I discover that the PC hardware/software is designed by fools. we need to redesign the whole internet and PC and operating system from scratch again and make a transition. we cant live into this circle of security holes and patches and bla bla , we need a new Secure System from ground up , not to fix issues with our system that is built on 1970's ideas.

 

[jrewolinski]

And sell your cell phone number to spammers too I bet.
I would not trust Yahoo for anything. If you still use their services, STOP! Look at how many times their accounts have been compromised in the past...