
I will never be able to log in to Flickr again - ngzhian
http://ngzhian.github.io/blog/posts/2014-05-24-yahoo-flickr.html
======
nicw
"I was surprised to find out that Flickr now requires a Yahoo account to log
in. I’m not sure when this was implemented..."

Yahoo usernames were required in 2007:
[http://news.bbc.co.uk/2/hi/technology/6316761.stm](http://news.bbc.co.uk/2/hi/technology/6316761.stm)

~~~
ngzhian
I'm pretty sure from 2007 till 2014 they made some changes to allow users to
log on using Facebook/Google accounts, and they reverted in recent months

------
freditup
This feels sensationalist to me. Password requirements, a captcha, and
(optional I think) phone verification are common on many sites. I was able to
create an account in about 30 seconds. I think if the author wants to, he will
be able to log in to Flickr in the future

~~~
ngzhian
Yes many sites do require that, but Yahoo? I expected a little more from them,
does it even make any sense to have such password requirements anymore? Also,
I can't tell for sure if the phone verification is optional, it could be
required for new sign ups randomly. Yea I most definitely can, but I will
definitely don't feel like logging in anymore.

~~~
freditup
The requirements are reasonable in my opinion: the length range prevents too
short of passwords, and the variety of characters range prevents some of the
weakest passwords: 'password' for example. Not allowing whitespace in
passwords can prevent a lot of headaches - say I wrote a password on a piece
of paper. How do I represent two spaces vs. one space? Nicer for Yahoo to not
have to have to deal with that type of problem from angry users.

All CAPTCHAS are a pain, but the reasons for having one are fair.

The phone verification is a more interesting issue. When I created an account
yesterday, it never asked anything about phone verification. And some people
don't perhaps have phone access who could be trying to register? If it is
randomly mandatory, that's a decent pain and privacy issue. I'm guessing it's
probably opt-in or opt-out though

Do I agree with all their decisions? Not really, but I can see why they were
made

------
tonymillion
Yep Yahoo! does have pretty much the worst sign-in/sign-up system on the
internet. Its even worse than LinkedIn.

Maybe instead of spending billions buying and "sunsetting" random mobile apps
or mediocre blog platforms Marissa should dedicate a single high school
dropouts salary to fixing the damned thing.

I've all but given up on logging into any Yahoo! property at this point.

------
stretchwithme
At least when you log in to flickr, you don't get the message "Hello- new
account signups are temporarily unavailable from this network address space
used by your Internet Service Provider", as I've been getting for so long.

Maybe some day, Yahoo will get their heads out of their asses and restore
access to my old photos. I'm not holding my breath.

------
usablebytes
The worse, I guess, is the password constraint. I really fail to understand
why should any application (except banking, may be) force its users to go for
difficult passwords. I agree, it weakens the security - but warn them, don't
force them. It should be a guideline; not a rule. Whether I want to follow it
not is my decision; my risk.

~~~
pooper
I can't think of a set of rules to make passwords secure. It all feels like
smokes and mirrors at this point. Are we going to have a blacklist of
passwords that you can't use as passwords anymore (and require users to change
password on next log in as we add new items to the blacklist)?

Otherwise, the more I read about these experts who can get 90% of a 16k
password hash list figured out in a few hours, I can't think how MyAuntSally1
is any safer than donkey

------
m_myers
I'm still able to log in to Yahoo! with my Google account, although it seems
they're phasing out that option:
[http://money.cnn.com/2014/03/05/technology/yahoo-google-
face...](http://money.cnn.com/2014/03/05/technology/yahoo-google-facebook-
login/index.html)

------
benatkin
I found the tool used to generate the blog interesting. Hakyll, a static site
generator for Haskell inspired by Jekyll, which uses pandoc to generate HTML
from Markdown. [http://jaspervdj.be/hakyll/](http://jaspervdj.be/hakyll/)

------
cordite
For the author, typo on 'asking', " indicates an error, askign me to"

------
butwhy
Yahoo don't care about the user experience. I hate the fact that flickr was
bought by them and not Google. The requirement to have a Yahoo account to sign
in to it is a bit of a joke, considering how their mail service might as well
not exist any more.

------
nwh
No spaces in passwords? Obviously not hashing them.

~~~
pconner
Spaces are just characters. Their presence has nothing to do with hashing
algorithms working or not.

~~~
PavlovsCat
That's the point; since spaces in the password cleartext should not matter for
storing the password hash, what would be a good reason to disallow them?

~~~
aaronem
There isn't one.

~~~
nwh
Which begs the question why I was downvoted heavily and posted to
@shit_HN_says for making the comment.

~~~
aaronem
How the hell should I know? But if I had to guess, I'd say it was because your
prior comment implicitly equates "spaces prohibited in passwords" and
"passwords not hashed" and assumes the latter as a necessary consequence of
the former, when the two are entirely unrelated.

Now, to be fair, that's an uncharitable interpretation of the comment you're
complaining about. But you helpfully make clear in a later comment that that
was what you meant:

> I'm saying that because they're disallowing the submission of spaces, they
> aren't hashing their passwords when they get to the server.

And that just doesn't follow, and that's probably why your comment is getting
downvoted, but not why I downvoted it just now. I don't downvote for content,
but only for rudeness, unfunny jokes, and complaining about downvotes.

