go to sections menu

Yahoo forcing random password resets … am I the only one supporting someone having trouble? from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: accessibility newsand issues , article commentary , security news and commentary > Yahoo forcing random password resets … am I the only one supporting someone having trouble?

Go to Homepage, contents or to navigation menu

sections menu

fine menu sezioni pagina

Yahoo forcing random password resets … am I the only one supporting someone having trouble?

This is more of a curiosity thing than anything else, but I have a hunch from what I’m told that this has been going on for a number of years now.

The service AT&T has email service. When we started with this service it was known as SBC Yahoo! Through the years, some have gotten straight att.net addresses although the web site is a dot com for everything else.

In this world, we’ve got many types of people with varying degrees of capability in the technology world. We also know that Yahoo! email has been breached and that came to light three years after the fact.

When you authenticate as an SBC Yahoo! customer using mail, you go to the Yahoo! mail web site.

The authentication is your full email address I.E. which belongs to me. It also asks for your password, which is the account password for that address.

Here’s the problem. I was able to switch the account to a different interface two weeks or so ago. But for awhile now, ATT Yahoo! account holders need to reset their password every two weeks.

My grandmother has had an SBC Yahoo account for a number of years, and has never experienced this until recently. I never experienced it, although I don’t use my SBC address anymore, in favor of my accounts on my domain and my gmail. I understand this has been going on for a couple of years now, and enough is enough! The National Institute of Standards and Technology (NIST) folks changed the guidelines where passwords are not needing to be changed as often, as long as there is not a valid reason for the passwords to be reset.

My grandmother is older than most on this blog, reads facebook, comments on things, plays games, checks email, and does some shopping on amazon for things she needs. Nobody except ATT Yahoo! services have prompted her to change her password.

Here is my hunch based on what I know:

  • passwords may not be as secure as they should
  • company never sent email to my knowledge about said policy
  • too much time was spent on hold trying to get the issue resolved and
  • frustration as to why no email can be accessed and wondering why the account was locked out.

I’ve never seen any of this behavior with any company before. Unless there was a valid reason, I’ve never changed my password, even after all of these breaches. The fact my biological data is potentially out there now, its game over for me! I know this, and I’ve been working hard to make sure I don’t use the same password everywhere and thats why I have Lastpass, the last password you’ll ever need.

I’m thinking that this is targeted because of the potential weakness of the passwords given to me, yet my password may not be all that secure over there anyhow. I’m thinking it may be the same password i use somewhere else.

So ATT, what gives? Why are you making an elderly person who has no knowledge of why and what to do about the issue if you don’t tell them in writing or email or phone?

If this issue persists, I’ll have no choice but to help her either set up a gmail, or even set up an address on the domain purchased for her and hosted through me. Then, I’ll either have to show her that web mail, or set it up through Tunderbird.

For someone who has so much in the way of notifying people and companies, I’m not going to be impressed with having to have her do all of this, and I can hopefully have mail forwarded to the new address in the meantime, but this is enough! Was it the weak passwords? You can check the hashes without knowing the password, and if you notice its weak, reach out! There is no need to make someone change their password every two weaks without probable cause. I know nobody else who is going through this experience, and I’ve not been tipped off to any articles saying there is a problem of this scope.

If anyone else is experiencing this, I’d love to hear from you. Please get in touch!

Informazioni sull'articolo

Yahoo forcing random password resets … am I the only one supporting someone having trouble? was released on January 6, 2020 at 1:00 pm by tech in accessibility newsand issues,article commentary,security news and commentary.
Last modified: January 6, 2020.

Comments (2)

  1. Comment by tech date 7 January 2020 alle 14:55 (),

    I’m not in disagreement with you. I know the network doesn’t have that, and I’ve heard stories where Google locked it when you’re not at home base. I understand why, and nothing is perfect. I do like the idea of what Google is doing, but they shouldn’t block based on IP alone. Maybe they should monitor to see if its every day usage, and if multiple attempts are made from an IP, than lock it. I’m not sure what the solution is.

  2. Comment by crashmaster date 7 January 2020 alle 14:50 (),

    Hmmm I would change away from yahoo.
    Sounds like they are going stupid with security.
    Pluss I don’t trust them anymore.
    There was a breech a few years back which caused a lot of issues.
    And while it was fixed there was a rumor saying new zealand was the last to get fixed.
    Last year they basically killed off their groups.
    They do have groups, but its all privatised with no public content at all and groups only beeing able to be used by those that know.
    So if you don’t know then you can’t use them.
    I suspect more likely they couldn’t be bothered securing things or had other issues.
    Now there is groups.io and everyone likes it.
    I have got several possible hack attempts on google and ms, and have been able to change my password and it works.
    I do however have issue with google and its 2step security and less secured apps policies.
    Namely that every app and site on google with 2step needs its own password which not only doesn’t make sence but really turns people away from 2step completely.
    I have also noticed a lot of 2step stuff either has email and phone varifications or emergency backup codes to enter which is fine I guess.
    The other issue with google, is that less secure apps just means that bar apple and microsoft mail, google want you to use their apps so basically they are pushing users to use their apps.
    They are also turning off features that are unused less secure apps is one of these features.
    I’d imagine if they could they would be happy to allow their apps only and thats all.
    Another issue I have is overzellous security especially with google and maybe others.
    I fully understand that if I login to an account I’d expect to get notified about it and have to varify myself.
    Thats fine, but what I don’t care about is if that person is on their account and half way around the world, I can’t support them or anything because google will immediately lock everything till I handle it and change all the codes.
    So not only am I spending a fortune on a long distance call to get things working, when they get back I have a job reformatting and resetting everything for it to work so I can’t support anyone I need to online into when away.
    So my aunt is going to india for a holiday and I can’t support here remotely here because of this.
    Again I understand why but still.

Leave a comment

You must be logged in to post a comment.

go to sections menu

navigation menu

go to sections menu