Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and beginning April 20th, 2021 (Eastern Time) the Yahoo Answers website will be in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.

Letrise asked in Computers & InternetSecurity · 8 years ago

Does yahoo mail use a symmetric key when accessing email?

For instance, when one wants to access his or her yahoo mail account, he/she has to type in a username and password. Does yahoo mail use a symmetric key to encrypt the password?

2 Answers

Relevance
  • Anonymous
    8 years ago
    Favorite Answer

    Apart from the encryption type, a bit of clarification is in order:

    To access your Yahoo account requires your username and password. That is done using SSL/TLS protocol. It is at this time that you can examine the Certificate 'details' and see what is being used.

    Once logged in, you can fetch your mail, but unless you have manually set it to do so, it is NOT encrypted; you will be dropped to normal channels (or 'http').

    To take this essential step, in Yahoo Mail, cursor over the upper right 'gear'> Mail Options> General tab, near the bottom, check the box "Make your Yahoo! Mail more secure with SSL"> tick "Save" near the top.

    Your browser should then be accepting the Certificate for "mail.yahoo.com", and whenever you connect to it, there will be the address pre-fix 'https'. Always look for that.

    This step is absolutely critical if you ever use a computer (or any smartphone, tablet, etc.) in a mobile situation, like at a "hot spot" cafe, library, or anywhere really.

    And likewise Home computer units should make the adjustment just for the sake of security.

    Firefox, with "HTTPS Everywhere" will ensure this connection is always made.

    SPECIAL NOTE;

    This will not prevent account hijacks ENTIRELY: it only works when you "log-in" to Yahoo and go right to mail, then "log-out" from Yahoo. If you migrate to other Y! services while logged in, you will be dropped to normal channels and THAT is when your 'session authentication' cookie could be 'sniffed', allowing someone else to log-in as you.

    ********

    If you're having to log in again while using Yahoo, you need to establish one session authentication cookie, then open other Yahoo services in new tabs.

    ►►Close all open Yahoo tabs except the one requesting the 'log-in' [be certain it has "https" at the beginning of the address]> fill out your info> check the box regarding the 2 week status if desired> log-in.

    Then for additional Yahoo services (mail for instance), right click a hotlink, then "Open in a new tab". Repeat for other services as needed. (Pushing straight down on some mouse wheels will accomplish the same thing...try yours and see. It's called 'center click')

    Browser settings (regarding 'cookie clearing') also need modification to retain this authentication cookie.

    See what yours are in: browser Tools> Options> Privacy> cookies. Details depend on what browser you use.

    System cleaning utilities (like "CCleaner") may be scrubbing out this authentication cookie and should be modified to ignore the Yahoo cookie.

  • Anonymous
    5 years ago

    i can acquire digital mail, yet can not deliver digital mail. it is not bouncing back, the recipient isn't receiving it. Have sent it three times. Even tried sending it from my son's pc on his yahoo account. help!

Still have questions? Get your answers by asking now.