Protect your Yahoo! Mail account with SSL - gHacks Tech News

Protect your Yahoo! Mail account with SSL

If you are using a Yahoo Mail account you have probably noticed that the account login is using SSL but that the mail interface itself after logging in is not. You can verify that by checking the address bar of your web browser when you open the Yahoo Mail sign in page which should begin with https:// and not http://.

SSL is beneficial for the security of the connection as it encrypts the data so that attackers can't record the data flow anymore to spy on your data. It is more complicated than that but that's beyond the scope of the article.

Once you are signed in to Yahoo! Mail you will notice that the connection switches to http instead. That's bad from a security point of view, especially if you are connecting to Yahoo! Mail from public networks or wireless networks such as your school's library, a University campus or McDonalds.

If you sign in to Yahoo! Mail via a non-secure Internet connection such as a wireless network, your Yahoo! account is more vulnerable to hijacking. Non-secure networks make it easier for someone to impersonate you and gain full access to your Yahoo! account, including any sensitive data you may be storing. Enhance the security of your entire Yahoo! Mail session with HTTPS data encryption (via security socket layer, or SSL) and protect your account from hijackers and fraud.

I can't really say when Yahoo added SSL as an option to Yahoo! Mail, only that it is now available and that you can turn it on to improve the security of your connection.

Turn on SSL

Follow these easy steps to turn on SSL on Yahoo! Mail.

  • Go to Yahoo! Mail and sign in to your account.
  • Click on the settings icon at the top right of the screen and select Mail Options from the menu.
  • Make sure you are in the General options menu, it should be the default page.
  • Look under Advanced Settings for Turn on SSL.

yahoo mail ssl

  • Check the Turn on SSL box.
  • A notification pops up telling you that Yahoo! Mail needs to refresh once you hit on the save button. Refresh means that you will be signed out automatically and need to sign in again.
  • Click on OK and then on Save at the top of the screen.
  • Sign in again to Yahoo! Mail.

You should see a lock now in front and https in front of the web address.

yahoo mail https

You should not encounter any issues after switching to https. If you do, you can turn off SSL the very same way again. Check out this Yahoo! Help page for additional information about enabling or disabling SSL. (via)





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. ilev said on January 5, 2013 at 12:17 pm
      Reply

      This should be ON by default.

      1. Martin Brinkmann said on January 5, 2013 at 12:32 pm
        Reply

        Agreed.

    2. Dan said on January 5, 2013 at 1:29 pm
      Reply

      This doesn’t work with “Yahoo! Mail Classic”. If you turn on SSL, you can’t revert back to Classic. Classic is still my favorite interface. It works with all browsers, even old ones.

      1. Martin Brinkmann said on January 5, 2013 at 2:03 pm
        Reply

        Dan thanks for letting us know about the limitation. I find it strange that they have not made this available for Classic as well.

    3. Nebulus said on January 5, 2013 at 3:05 pm
      Reply

      I think they didn’t make SSL available to Classic Mode because that type of interface is not supported by Yahoo! anymore. I also use Classic interface for the Yahoo! account that I have, and I think that the lack of SSL support for it a mistake.

    4. Pierre said on January 5, 2013 at 3:18 pm
      Reply

      It’s done, thanks

    5. DanTe said on January 5, 2013 at 4:33 pm
      Reply

      Hmmm… mine’s not on as default. And I actually pay for a premium account.

    6. stricnin said on January 5, 2013 at 4:57 pm
      Reply

      Thank you.

    7. Rocky said on January 5, 2013 at 5:06 pm
      Reply

      Incomplete or wrong information again. It would have helped if you had done some research first and added that it may not apply to Yahoo! classic and that it may also depend on browser settings.

      1. Jerry said on January 6, 2013 at 8:33 pm
        Reply

        I can no longer find the classic mail option on my yahoo accounts.

        How can I now switch back to classic mail?

    8. noswal said on January 5, 2013 at 5:25 pm
      Reply

      Thanks for this and all the best in the new year.

    9. seemar said on January 5, 2013 at 8:00 pm
      Reply

      this is a very new development for yahoo! (just this week!) and only came after public pressure:

      https://www.accessnow.org/blog/2013/01/04/yahoo-bolsters-privacy-with-global-https-support

    10. Peter888 said on January 5, 2013 at 8:40 pm
      Reply

      Thanks Martin. It’s done. Super !

      Thanks seemar :
      “When you communicate using encryption, using the HTTPS protocol, it is very difficult for an outside party to unscramble the information that is passing over the internet and wireless networks.”

    11. Stoner said on January 6, 2013 at 1:55 am
      Reply

      I’m kind of disappointed that they use RC4 encryption rather than AES or Blowfish.

    12. Dan said on January 6, 2013 at 2:29 am
      Reply

      Uhm, cause RC4 is a stream cipher, while AES and BF are block ciphers? And SSL requires stream ciphers.

    13. Anonymous said on January 6, 2013 at 5:28 am
      Reply

      Thanks for this Martin. I agree with many commenters here that the SSL encryption should be standard.

    14. Stoner said on January 6, 2013 at 10:36 am
      Reply

      >SSL
      It uses TLS, and TLS supports AES.

    15. Prash said on January 6, 2013 at 4:18 pm
      Reply

      New Yahoo email https connection has forced me to attempt logging in at least 20-30 times before I see my inbox. Their https server times out (IE cannot find server) most times. All other yahoo sites seem to be okay though. Yahoo said their engineers are working the issue but after 3 weeks…!!

    16. Dan said on January 7, 2013 at 3:43 am
      Reply

      @Jerry

      First, disable SSL (see above post). Then you can do either of the following methods:

      Method 1:
      Lower your screen resolution to 800×600. Reload Yahoo Mail. It will display an error message about your resolution. Click Return to Yahoo Mail Classic (do not click the “temporarily” option). If it loads the classic interface, you can now return to your normal resolution.

      Method 2:
      Disable javascript in your browser (google on how to do that). Reload Yahoo Mail. It will display an error message about needing javascript for the new interface. Click Return to Yahoo Mail Classic (do not click the “temporarily” option). If it loads the classic interface, you can now turn on javascript again.

    17. Terrine said on January 7, 2013 at 2:28 pm
      Reply

      Neiter Method 1 nor Method 2 worked for me. I want my cherished Classic interface back!

    18. jerry said on January 8, 2013 at 1:07 pm
      Reply

      DAN – THANKS A TUN!
      I was able to get Yahoo CLASSIC email back. yaHOOOOOOOOO!
      But ONLY after disabling SSL and saving the change the 2nd time.
      (seems it didn’t disable SSL the first time I saved – or did i save?)
      However ……………
      as you know and did NOT point out (thank you) I lost a capability.
      Seems that (ok ok Im being, stupidly? obvious) new feature is not an option and does not exist for yahoo CLASSIC BooHOOOOOOO!

      In general, get yahoo to display a “display-type” error and it will give you the option of “go back to the previous version”.

      And 1 final note: Yahoo does give the option to use Yahoo CLASSIC on my iPad.

      DAN’S METHOD to bring back Yahoo CLASSIC mail if you want it and don’t have the option:

      “First, disable SSL (see above post). Then you can do either of the following methods:

      Method 1:
      Lower your screen resolution to 800×600. Reload Yahoo Mail. It will display an error message about your resolution. Click Return to Yahoo Mail Classic (do not click the “temporarily” option). If it loads the classic interface, you can now return to your normal resolution.

      Method 2:
      Disable javascript in your browser (google on how to do that). Reload Yahoo Mail. It will display an error message about needing javascript for the new interface. Click Return to Yahoo Mail Classic (do not click the “temporarily” option). If it loads the classic interface, you can now turn on javascript again.”

    19. Dan said on January 8, 2013 at 4:04 pm
      Reply

      Happy to help.

    20. Kevin said on February 11, 2013 at 3:50 pm
      Reply

      Full SSL is simply unavailable for many, many Yahoo email customers — the SSL option does not appear for them.

      Seems like the news got ahead of Yahoo’s implementation or it’s false PR for Yahoo.

    Leave a Reply