More and more Internet companies are beginning to implement 2-step verification processes to provide additional security against the ever increasing attacks on customer accounts. Yahoo! is the latest company to upgrade the account security with a 2-step verification option for its customers.
The new second sign-in verification feature is opt-in at this point in time, and only available to users from the United States, Canada, India and the Philippines.
Yahoo! users can enable the second sign-in verification feature from the Yahoo! account info page.
Here they are asked to enter a mobile phone number for verification purposes. This number needs to be verified via SMS before the new account verification option is enabled for the account.
Yahoo! users can enable the new security feature on this page. They can alternatively sign in on the Yahoo! homepage, hoover over their name and select Account Info from the options to open their profile preferences and select the new security option there. It is however usually easier to open the page directly.
Yahoo! users who turn on the new account verification feature have the option to use their security question and mobile phone, or only their mobile phone when they are asked to verify account ownership.
Mobile phone has to be selected either way. Once you have made the selection you are asked to enter your mobile phone number and country in a form.
Yahoo! sends a SMS to the phone with a verification code that you need to verify ownership of the phone (more precisely the phone number).
The second sign-in verification feature works slightly different from Google's 2-step verification login. Yahoo! will only ask the user to verify the account in a second step if the company suspects that the account may have been hijacked. It is likely that this is an automated process that checks IP addresses, countries of origins, and maybe even header data and sign-in times.
A confirm your identity:answer security question prompt is displayed after sign-in in this case. It basically blocks the signing in by asking the user to verify the account ownership either by entering the answer to the selected security question or by entering a security code send to a verified mobile phone.
This can be useful if you don't want to receive SMS messages regularly when you sign in to your account on one of Yahoo's Internet websites.
Update: You can head over to this page to start configuring two-factor authentication for your Yahoo account to improve its security.