
Yahoo Email 2 factor fail - biff
So.  I had a Yahoo! mail account.<p>A half-hour ago, I attempted to log into it.  It&#x27;s a long-neglected thing, something I care about on a roughly 12-18 month basis.  Gave CmdrTaco well-wishes through it once, back when it was merited, otherwise it largely collected spam and served as my Slashdot contact if I forgot my password.<p>After attempting to log into my Yahoo! account tonight, after what must be ten+ years of my account&#x27;s existence, I now receive this: &quot;Traveling somewhere new?&quot;, and a link to a hidden e-mail address where a code can be sent to verify, well, me.<p>I remember my username and password.  But, and this might be super-archaic, I also remember a time when this was sufficient to give me access to my account.  I haven&#x27;t a clue where b<i></i><i></i><i>@p</i><i></i><i></i>.net is.  I&#x27;ve suspicion it was an 11+ year old redirect to an ISP email address I haven&#x27;t had for 11+ years, and it is of no use to me that I can send a code to it in lieu of them allowing me to log in with, you know, the actual credentials I have and have supplied to them when creating the account.<p>I post this whining to Hacker News for this: please, don&#x27;t chase an idea so far that you lose sight of your users&#x27; actual needs.  In this case, 2-factor only matters if I can be counted on to know both factors.
======
biff
I was limited in what I could write in the post, but this was something that
just hit me after years of being able to log in with my username/password on
Yahoo!.

I'm sure it was a well-intentioned guard against spammers that mercilessly
attack Yahoo! accounts, but it's effectively locked me out as a genuine user.
I'm definitely miffed because it'll cost me, but at the same time, I implement
systems like this for small businesses for a living, and it's a constant thing
on my mind how what I do will impact users down the line. I get so nervous
about inadvertently pulling something like this!

