Modernizing Authentication — What It Takes to Transform Secure Access
Without publicly announcing the move, Yahoo has added the option of using an SSL connection to access its webmail service.
"The HTTPS option is not enabled by default, but users can turn it on with a couple of clicks. ... To enable the SSL option, users can go into the Options tab and click the box next to 'Make your Yahoo Mail more secure with SSL," notes Threatpost's Dennis Fisher.
"HTTPS, a combination of the HTTP and SSL/TLS protocols, encrypts the traffic between Web clients and servers and prevents potential attackers from intercepting and inspecting potentially sensitive communications," writes Computerworld's Lucian Constantin. "The lack of full-session HTTPS can be exploited by attackers to hijack accounts and intercept traffic on open wireless networks and also enables some governments that control the Internet infrastructure in their countries to spy on the private communications of political activists, members of the press and other individuals."
In a recent blog post, Electronic Frontier Foundation senior staff technologist Seth Schoen wrote, "If you're a Yahoo! Mail user, please take this step right away to protect your privacy when reading and writing e-mail. We'll also be looking into how HTTPS Everywhere can automatically protect users by making all access to Yahoo! Mail secure, even if users don't realize that this option exists."
"It's unfortunate that Yahoo has made the HTTPS/SSL setting disabled by default, meaning that users are required to turn it on if they want better privacy," writes Sophos' Graham Cluley. "Hopefully in time, Yahoo will decide to enable the option by default -- as it is with Gmail, Hotmail and Outlook.com. Now, is it too much to hope that AOL might be the next to implement a HTTPS option for its email service?"