On 9/26/2016 7:08 AM, Scott Lurndal wrote:
>> On 9/26/2016 8:14 AM, Mayayana wrote:
>>> "AL" wrote
>>> | When I log into Yahoo from a strange (unknown to Yahoo)
>>> computer, Yahoo | verifies it's me by texting me a code on my
>>> cell phone.
>>> That's a clever idea. I had no idea that webmail companies were
>>> now tagging devices.
Two-step verification is used by many organizations From Internet
companies to financial institutions. I use it wherever it's offered.
It's not perfect but it does add another layer of security to your accounts.
>> Actually, it's not the devices they are "tagging", it's the IP
>> address which you are using.
I can log on from any IP (public or private WiFi for example) using my
phone (trusted device) without a challenge.
> It's not solely the IP address. They also use the User-Agent string
> provided by the browser, and other fingerprinting techniques to
> identify the connection as uniquely as possible. There are fields
> in the TCP packet whose usage can identify the operating system, for
As close as I could find, a cookie or token is placed on the trusted
device. But I couldn't find any links to verify that. Most was from
forums/groups and you know how reliable that is... ;)