In recent articles I’ve shown you how you can protect some of your email accounts with two-step verification (2SV).
We’ve covered how you can receive verification codes when signing into your Apple and Google accounts, and I’ve even reviewed how you can implement 2SV with the Google Authenticator app.
But what if you have additional email addresses? Can you protect your other web-based accounts, as well?
The answer is yes… as long as that provider gives you the option of doing so.
Fortunately, given the digital threats confronting users today, many services do. Let’s review one such web-based email service provider: Yahoo!
In this guide, I will show you how you can protect your Yahoo! account with two-step verification.
1. Sign into your Yahoo! account.
2. On your account home page, you will find some of the personal information you have shared with Yahoo!, including your name and gender.
To the left, you will find a purple sidebar with several clickable options. Click on the “Account security” option, which is located directly below “Personal info.”
3. Yahoo! will ask you to reenter your password in order to view your account security settings. Do so and click on the “Next” button.
4. Your account security page is where you can go to change your Yahoo! password and add recovery emails/phone numbers.
It is also where you can go to activate two-step verification. At the bottom of the page, you will see “Two-step verification” with a clickable switch. Click the switch to turn 2SV on.
5. To enable 2SV, Yahoo! will prompt you to enter in a phone number with which you would like to enable 2SV. Enter in your phone number and confirm whether you would like to receive a verification code via SMS or call. (NOTE: That preference is not permanent and applies to this activation process only.)
6. If you entered your number correctly, Yahoo! will send a verification code to your mobile number via SMS or call. Enter in the code and click the “Verify” button.
7. Congratulations! You’re all set!
Yahoo! will display a “Success” dialog box and will also provide you with the option to reconnect certain mobile apps by creating unique app passwords. We’re going to skip that process.
8. On your “Account security” page, you will see that the Two-step verification option is now switched to On. Below that feature, you will also see that you can generate an app password to reconnect certain applications like iPhone mail, Outlook, and others if you choose to do so in the future.
Now every time you sign into your account, you will be directed to this page after entering in your username and password.
Specify by which option you would like to receive a verification code. That will lead you to this next page.
Enter in the code, and you will be directed to your account home page.
I strongly recommend enabling two-step verification and (even better) two-factor authentication on your different online accounts when it’s available. It’s a great method of strengthening your online security and privacy, by making life harder for the hackers.
- Two-factor authentication (2FA) versus two-step verification (2SV)
- How to better protect your Facebook account from hackers
- How to better protect your Twitter account from hackers
- How to enable two-step verification (2SV) on your WhatsApp Account
- How to protect your Amazon account with two-step verification (2SV)
- How to better protect your Google account with two-step Verification (2SV)
- How to protect your Dropbox account with two-step verification (2SV)
- How to protect your Office 365 users with multi-factor authentication
- How to protect your Microsoft account with two-step verification (2SV)
- How to better protect your Tumblr account from hackers with 2SV
- How to protect your LinkedIn account from hackers with two-step verification (2SV)
- How to protect your PayPal account with two-step verification (2SV)
- How to protect your Yahoo account with two-step verification (2SV)
- How to protect your Apple ID account against hackers
- How to better protect your Google account with two-step verification and Google Authenticator
- How to protect your Hootsuite account from hackers
- How to better protect your Instagram account with two-step verification (2SV)
- Instagram finally supports third-party 2FA apps for greater account security
- How to protect your Nintendo account from hackers with two-step verification (2SV)
- How to better protect your Roblox account from hackers with two-step verification (2SV)
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
5 comments on “How to protect your Yahoo account with two-step verification (2SV)”
My main fear with this is that over the years I have built up some trash yahoo mail addresses to use when I am in unsafe places or on Holiday and I'm having to use a common computer or worried about getting tracked or spammed on my main Email address. Some of the two pass authentication systems tie you down to one phone number per account. (Not all) I'm not sure about Yahoos policy. But I can see the day when they start locking you into two pass authentication and you could lose an account or need to have a spare mobile/ number and all the issues that can cause. I wonder do yahoo trap each email to a specific mobile number? (Also, I can be a little outspoken on certain subjects that I would rather speak on anonymously and not tracked to my personal mobile phone!)
I completly agree with Monica on this!
Thank You David for the yahoo security tip.
But I would like to share something on online security and it will also cover yahoo or gmail or any other online activity.
I am small business owner based in Huston and I am using VPN for my business online security.
so…if your account gets hacked again, THEY NOW HAVE YOUR PHONE NUMBER!
It seems irresponsible not to mention that sending SMS as the second step, as Yahoo does, is extremely insecure. The NIST has advised this method be retired. Recently, thieves abused SMS 2FA to drain bank accounts worldwide: https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/