August 22, 2006 12:46 PM PDT

Yahoo adds phishing shield

Yahoo is testing a new security feature that lets users customize their login page, a measure designed to thwart information-thieving phishing scams.

The feature requires people to create a unique "sign-in seal" on a specific PC. This seal--a text message or photo--will be displayed on the Yahoo login page when visited with that computer, according to a description of the feature on Yahoo's Web site.

screenshots

"A sign-in seal is a secret between the computer you set it up on and Yahoo," the Yahoo Web site states. "So when you sign in to Yahoo from this computer, your sign-in seal tells you that you're seeing a genuine Yahoo site, not a phishing site."

Phishing is one of the most common online threats. In May, just over 20,000 phishing Web sites--a record--were reported to the Anti-Phishing Working Group, the organization said. Phishing typically combines spam e-mail with fraudulent Web sites to trick people into giving up sensitive information, such as a Yahoo user ID and password.

"Phishing is an industrywide issue, and Yahoo is always looking at ways to combat it," a representative for the Sunnyvale, Calif.-based Web giant said. "We're testing and hoping to gradually roll out this new, optional feature that will allow people to uniquely personalize their Yahoo login."

Some of Yahoo's 208 million active registered users already have access to the security feature, the company representative said. Yahoo plans to make it available to all its U.S. users over the coming weeks and to users in other countries at a later stage, the company representative said.

The sign-in shield is designed for use on a personal computer, not on systems in libraries or Internet cafes, for example. It works based on cookies, tiny files that a Web site can place on a user's computer. "It is meant for people to use on their personal or work computers that they use regularly," the Yahoo representative said.

People who remove cookies from their system, for example for privacy reasons, can disable the new Yahoo feature and have to create a new shield. That, at least, was the case in CNET News.com tests using both Internet Explorer and Firefox. Yahoo is tweaking the sign-in shield so the feature won't be rendered useless by removing cookies, the company representative said.

See more CNET content tagged:
phishing, Yahoo! Inc., company representative, phishing Web site, security

1 comment

Join the conversation!
Add your comment
Why don't they use SSL?
Why don't they use SSL? In email authentication they do push for cryptographics (domain-keys)!
Posted by hadaso (468 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.