Yahoo forcing random password resets … am I the only one supporting someone having trouble? from blog The Technology blog and podcast
This is for the technology blog and podcast Commentary, articles, and podcasts
Yahoo forcing random password resets … am I the only one supporting someone having trouble?
This is more of a curiosity thing than anything else, but I have a hunch from what I’m told that this has been going on for a number of years now.
The service AT&T has email service. When we started with this service it was known as SBC Yahoo! Through the years, some have gotten straight att.net addresses although the web site is a dot com for everything else.
In this world, we’ve got many types of people with varying degrees of capability in the technology world. We also know that Yahoo! email has been breached and that came to light three years after the fact.
When you authenticate as an SBC Yahoo! customer using mail, you go to the Yahoo! mail web site.
The authentication is your full email address I.E. which belongs to me. It also asks for your password, which is the account password for that address.
Here’s the problem. I was able to switch the account to a different interface two weeks or so ago. But for awhile now, ATT Yahoo! account holders need to reset their password every two weeks.
My grandmother has had an SBC Yahoo account for a number of years, and has never experienced this until recently. I never experienced it, although I don’t use my SBC address anymore, in favor of my accounts on my domain and my gmail. I understand this has been going on for a couple of years now, and enough is enough! The National Institute of Standards and Technology (NIST) folks changed the guidelines where passwords are not needing to be changed as often, as long as there is not a valid reason for the passwords to be reset.
My grandmother is older than most on this blog, reads facebook, comments on things, plays games, checks email, and does some shopping on amazon for things she needs. Nobody except ATT Yahoo! services have prompted her to change her password.
Here is my hunch based on what I know:
- passwords may not be as secure as they should
- company never sent email to my knowledge about said policy
- too much time was spent on hold trying to get the issue resolved and
- frustration as to why no email can be accessed and wondering why the account was locked out.
I’ve never seen any of this behavior with any company before. Unless there was a valid reason, I’ve never changed my password, even after all of these breaches. The fact my biological data is potentially out there now, its game over for me! I know this, and I’ve been working hard to make sure I don’t use the same password everywhere and thats why I have Lastpass, the last password you’ll ever need.
I’m thinking that this is targeted because of the potential weakness of the passwords given to me, yet my password may not be all that secure over there anyhow. I’m thinking it may be the same password i use somewhere else.
So ATT, what gives? Why are you making an elderly person who has no knowledge of why and what to do about the issue if you don’t tell them in writing or email or phone?
If this issue persists, I’ll have no choice but to help her either set up a gmail, or even set up an address on the domain purchased for her and hosted through me. Then, I’ll either have to show her that web mail, or set it up through Tunderbird.
For someone who has so much in the way of notifying people and companies, I’m not going to be impressed with having to have her do all of this, and I can hopefully have mail forwarded to the new address in the meantime, but this is enough! Was it the weak passwords? You can check the hashes without knowing the password, and if you notice its weak, reach out! There is no need to make someone change their password every two weaks without probable cause. I know nobody else who is going through this experience, and I’ve not been tipped off to any articles saying there is a problem of this scope.
If anyone else is experiencing this, I’d love to hear from you. Please get in touch!
Informazioni sull'articolo
Yahoo forcing random password resets … am I the only one supporting someone having trouble? was released on January 6, 2020 at 1:00 pm by tech in accessibility newsand issues,article commentary,security news and commentary.
Last modified: January 6, 2020.
Comments (2)
-
Comment by tech date 7 January 2020 alle 14:55 (),
I’m not in disagreement with you. I know the network doesn’t have that, and I’ve heard stories where Google locked it when you’re not at home base. I understand why, and nothing is perfect. I do like the idea of what Google is doing, but they shouldn’t block based on IP alone. Maybe they should monitor to see if its every day usage, and if multiple attempts are made from an IP, than lock it. I’m not sure what the solution is.
-
Comment by crashmaster date 7 January 2020 alle 14:50 (),
Hmmm I would change away from yahoo.
Sounds like they are going stupid with security.
Pluss I don’t trust them anymore.
There was a breech a few years back which caused a lot of issues.
And while it was fixed there was a rumor saying new zealand was the last to get fixed.
Last year they basically killed off their groups.
They do have groups, but its all privatised with no public content at all and groups only beeing able to be used by those that know.
So if you don’t know then you can’t use them.
I suspect more likely they couldn’t be bothered securing things or had other issues.
Now there is groups.io and everyone likes it.
I have got several possible hack attempts on google and ms, and have been able to change my password and it works.
I do however have issue with google and its 2step security and less secured apps policies.
Namely that every app and site on google with 2step needs its own password which not only doesn’t make sence but really turns people away from 2step completely.
I have also noticed a lot of 2step stuff either has email and phone varifications or emergency backup codes to enter which is fine I guess.
The other issue with google, is that less secure apps just means that bar apple and microsoft mail, google want you to use their apps so basically they are pushing users to use their apps.
They are also turning off features that are unused less secure apps is one of these features.
I’d imagine if they could they would be happy to allow their apps only and thats all.
Another issue I have is overzellous security especially with google and maybe others.
I fully understand that if I login to an account I’d expect to get notified about it and have to varify myself.
Thats fine, but what I don’t care about is if that person is on their account and half way around the world, I can’t support them or anything because google will immediately lock everything till I handle it and change all the codes.
So not only am I spending a fortune on a long distance call to get things working, when they get back I have a job reformatting and resetting everything for it to work so I can’t support anyone I need to online into when away.
So my aunt is going to india for a holiday and I can’t support here remotely here because of this.
Again I understand why but still.
Leave a comment
You must be logged in to post a comment.
navigation menu
- Archives
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- Categories of this blog
- Subscribe to Blog via Email
Join 10 other subscribers
- The tech blog’s pages
- Blogroll
- Crashmasters blog
- Cyberscoop
- Documentation
- Improve Internet Accessibility for Individuals with Impaired Vision
- International friends network stream
- Kim Komando
- Krebs On Security
- Plugins
- Register to this site
- Suggest Ideas
- Support Forum
- supporters and partners
- the blind perspective
- The Jared Rimer Network donations page
- The Phishlabs Blog
- The Security Box discussion list
- The Technology blog and podcast and TSB on amazon music podcasts
- Themes
- toptechtidbits
- WordPress Blog
- WordPress Planet
- “Blind VMS and the Tech podcast join forces”