![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
Yahoo weirdness
Forestfen had difficulty logging into her Yahoo Mail account today. She was being prompted to perform an extra sign-in verification step (aka 2-factor authentication). It wasn't simply a prompt advising her to set up 2-factor authentication as I sometimes get; it was actually prompting her to enter a phone number for the security code to be sent to. There was no way of bypassing it.
To Forestfen's knowledge, she hadn't previously turned on 2-factor authentication, nor had she previously entered her phone number on any Yahoo Options page.
This was corroborated by the fact that the extra sign-in verification window had an entry field for her to enter her phone number in. That was the really odd thing about it (though that didn't occur to me until later). Anyone could have entered any phone number, and have been sent a code for logging in.
I tried logging into her email account from a completely different computer, and got the same prompt as she was getting. This at least assured me that the problem wasn't due to malware on her computer.
The prompt had 2 fields, a "Country" drop-down and a "Phone Number" entry field. There were 2 push-buttons - one to receive a phone call, and the other to receive a SMS message. Forestfen first tried the phone call option (she said she got an automated call with a 3-digit number), and then the SMS option (which sent a 5-digit number), and finally got logged in.
The Yahoo Account info page shows "second sign-in verification" is flagged as being in "beta".
I suppose this must be some bug in their logic.
Crossposted from Dreamwidth. Comments there:
I'd prefer you to leave comments on the Dreamwidth page rather than here;
you may do so anonymously or with OpenID.
To Forestfen's knowledge, she hadn't previously turned on 2-factor authentication, nor had she previously entered her phone number on any Yahoo Options page.
This was corroborated by the fact that the extra sign-in verification window had an entry field for her to enter her phone number in. That was the really odd thing about it (though that didn't occur to me until later). Anyone could have entered any phone number, and have been sent a code for logging in.
I tried logging into her email account from a completely different computer, and got the same prompt as she was getting. This at least assured me that the problem wasn't due to malware on her computer.
The prompt had 2 fields, a "Country" drop-down and a "Phone Number" entry field. There were 2 push-buttons - one to receive a phone call, and the other to receive a SMS message. Forestfen first tried the phone call option (she said she got an automated call with a 3-digit number), and then the SMS option (which sent a 5-digit number), and finally got logged in.
The Yahoo Account info page shows "second sign-in verification" is flagged as being in "beta".
I suppose this must be some bug in their logic.
Crossposted from Dreamwidth. Comments there:
I'd prefer you to leave comments on the Dreamwidth page rather than here;
you may do so anonymously or with OpenID.