Welcome Home

Follow Me On The Regular!

Yahoo adds security event tracking to its Account Info page, but still no delete button

Posted By on October 13, 2016 in Written Content | 0 comments

Yahoo adds security event tracking to its Account Info page, but still no delete button

Following news of its large-scale data breach affecting 500 million account holders, Yahoo today rolled out a change to its Yahoo Account settings screen that will better alert users to unauthorized activity on their accounts. The feature is similar to Googles in that it tracks the account activity and devices associated with your Yahoo account, but it doesnt provide as much detail.

In Googles case, users can view their recent security events (like logins, password changes, changes to recovery options, new app passwords, etc.). Thisincludes the dates and times that theirGmail account was accessed, as well as the IP addresses which were used to access your account.Theres even a map of the location provided as a small thumbnail next to the account activity on the detail screen.

And each event is tagged not only with the timestamp, IP and location, youll also see which device was used for the activity, as well.

Yahoos tracking screen is more simplified. The top section shows the recent devices (e.g. Chrome, Mac OS X) where the Yahoo account has been used, followed by a log of the most recent activity or changes to your Yahoo account.

However, in this bottom section, Yahoo is only logging the activity and time. You cant click on each item to see the additional details for each individual event, like IP, device or location.

screen_shot_2016-10-12_at_1_49_47_pm

Instead, if you want to drill down to see things like the IP or location, you have to click on the device (Mac OS X, e.g.) at the top of the screen. Here recent sign-ins on that device arelisted with locations, IPs and timestamps.

The problem with Yahoos activity logging is one of design. On the main screen, each item like a password change doesnt have an IP, device and location provided; meanwhile, clicking on the device at the top (where you can see things like IP and location) seems to only show you the logged sessions, not the other activity.

screen_shot_2016-10-12_at_1_50_13_pm

This layout makes Yahoosactivity logmore confusing to read and understand than Googles.

Plus, none of this will really help Yahoo users deal with the aftermath of the data breach, which actually took place in 2014. Yahoo passwords have been reset, and the company wiped out the prior answers to users security questions.

  1. screen_shot_2016-10-12_at_2_10_08_pm

  2. screen_shot_2016-10-12_at_2_10_16_pm

Above: Googlessecurityevent activity info screen, for comparison

The problem is that this information, now in the wrong hands, can be used to compromise users accounts across the web, not only because of password reuse, but also because many sites ask the same security questions when users attempt password resets. (Like, whats your mothers maiden name?, Name of first pet, etc.)

Meanwhile, the company still hasnt addressed the problem in which its made it difficult forusers to leave the Yahoo Mail service by disabling the feature that allows them auto-forward their email. (It says its working on turning it back on.)

Nor has it added a simple delete my account option from the Account settings screen. Instead, users have to dig through Yahoos Help site to find the URL to the Terminating your Yahoo account page.It also continues to hold onto Yahoo accounts for 90 days, before permanently deleting them, in case a user chooses to reactive the closed account.

Read more: https://techcrunch.com/2016/10/12/yahoo-adds-security-event-tracking-to-its-account-info-page-but-still-no-delete-button/