Yahoo! Mail quietly adds HTTPS security option


It looks like Yahoo! has learned its lesson when it comes to security. After its mail service was recently hacked by an XSS exploit, the company has not only patched the problem but is also quietly rolling out an HTTPS option for its users.

HTTPS or Hypertext Transfer Protocol Secure is a secure communications protocol — it consists of the the SSL/TLS protocol with an HTTP layer on top. What’s interesting about this addition is the fact that Yahoo! has chosen not to publicize it at all. Well, at least not yet. No press release was issued and blog post detailed the recent changes.

The Electronic  Frontier Foundation (EFF) was the first to discover the news, and is actually one of the 26 organizations that includes the ACLU and Reporters Without Borders that urged Yahoo! to make the option available for users. Here is a statement regarding the addition of HTTPS from the EFF:

Thanks to Yahoo! for taking this important step to protect its users’ privacy and security. And thanks to everyone involved with our letter for helping emphasize the importance of this security measure (particularly to Front Line Defenders, the Tactical Technology Collective, and Aspiration for bringing many of us together).

If you’re a Yahoo! Mail user and have not enabled this future yet — we don’t blame you for not knowing about it — you can enable it by going into “Mail Options,” “Advanced Settings,” then ticking the “Turn On SSL” checkbox found at the bottom.

[via The Next Web]

Related Posts

  • Enrique

    @Rob (Down Under): That’s ridiculous! Maybe years of inactivity would make some sense but 4 months is unacceptable in my opinion. I’ve switched to gmail and don’t miss Yahoo one bit!

  • Rob (Down Under)

    Actually the reason that I went there was in response to their email asking me to confirm my alternative email. When I got there, they had my correct alternate email in their records, and I got told that my account (email) had been fully deleted (because of greater than 4 months inactivity).

  • Enrique

    @Grateful: No problem! :)

  • Enrique

    @Rob (Down Under): Deleted? Are you serious? That’s pretty crazy. Never heard of anything like that happening after 4 months of inactivity! Maybe it was years since you didn’t use it? ;)

    Still, you should’ve been informed somehow. But if you didn’t have an alternative email listed, I’m not sure how else they could have contacted you.

  • Grateful

    This is very timely news!! I have been with Google mail for years because of https, but have recently been looking for another site. I used to be with Yahoo until I discovered Google, but to hear this now makes my decision very easy indeed! Thanks for the tremendous news!!!

    Always Grateful

  • Rob (Down Under)

    I have a few email providers, in case of emergencies.
    I think this is one of them.
    I went to log in to my account a couple of days ago, and was informed that I had not logged in for over 4 months, so they had deleted everything.
    Surely, they can’t be serious.
    They should send a few bold. attention grabbing emails prior to taking such drastic action ?
    I won’t be using them again.

    PS I have restrained myself from really saying what I feel.