If they hacked the server, all they would likely have to do is exhaust
the hash's keyspace no matter how many parts were involved in the
hash's creation. They've had two years in this case, but it could have
"Taxed and Spent" wrote
| > Simple answer: just change it now.
| That is a simpleton answer.
| Is there anybody who can answer the question I raised?
It's a simple answer for a dumb question. If you
don't know when you last changed your password
then who would? If you think Yahoo does then ask
them. What other possibilities are there?
Or you could just change your password now.
You might also want to consider getting real email
(from your ISP, a paid account, or your own domain)
and not using Yahoo or other freebie webmail.
To quote Queen Hillary, "What difference does it make [when you last
changed your password (in this context)]?"
There is no penalty for changing your password "too often," the only
risk is not changing it often enough and being sloppy with creating it
and storing it.
You don't need it to change it with Yahoo.
We can explain it to you but we can't understand it for you.<g>
On 9/26/2016 7:08 AM, Scott Lurndal wrote:
>> On 9/26/2016 8:14 AM, Mayayana wrote:
>>> "AL" wrote
>>> | When I log into Yahoo from a strange (unknown to Yahoo)
>>> computer, Yahoo | verifies it's me by texting me a code on my
>>> cell phone.
>>> That's a clever idea. I had no idea that webmail companies were
>>> now tagging devices.
Two-step verification is used by many organizations From Internet
companies to financial institutions. I use it wherever it's offered.
It's not perfect but it does add another layer of security to your accounts.
>> Actually, it's not the devices they are "tagging", it's the IP
>> address which you are using.
I can log on from any IP (public or private WiFi for example) using my
phone (trusted device) without a challenge.
> It's not solely the IP address. They also use the User-Agent string
> provided by the browser, and other fingerprinting techniques to
> identify the connection as uniquely as possible. There are fields
> in the TCP packet whose usage can identify the operating system, for
As close as I could find, a cookie or token is placed on the trusted
device. But I couldn't find any links to verify that. Most was from
forums/groups and you know how reliable that is... ;)
Probably. And some I think some are time stamped. When I was
imaging/restoring my system frequently I made sure I left my banks's
cookie on the system I imaging. That avoided the 2-step.
But if I wait too long (maybe a couple months) before restoring the
image I have to do the 2-step.
HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.