More than you ever wanted to know about online accounts with Yahoo (or anybody else)
The Internet is a fantastic enabler and resource, but it also has
aspect of a Middle Eastern bazaar: along with all kinds of fascinating
shops and wares, there are thieves, grifters and crime rings. To
protect yourself, you have to strike a balance between closing your
eyes and hyper-paranoia. Here's some basic information about
setting up an account with Yahoo....or anyplace else on the
Internet. If you don't want to know, that's OK and good luck with
your online security/safety. This is my take on this matter.
People and computer people being what they are, some may pick at what I
am going to say, but it is the result of 28 years as a computer
- In order to see the archive of si-talk or post and retrieve files from si-talk, Yahoo has to be able to authenticate you.
- Otherwise, anyone could read the archive and harvest potentially sensitive information
- Ditto, for the files, which could be sensitive/copyrighted and not for
- To do this authentication, they use a Yahoo userid and password. This should
NOT be the password or passwords you use elsewhere (see below)
- Yahoo can only reasonably authenticate you with a userid and a password to let you onto the si-talk site. Note that anywhere
a file is to be posted (Yahoo, Dropbox, wherever) there has
to/should be some kind of authentication to protect people and their
- The only way to get around that is for everyone that wants the
file, to send a request to the originator and get it emailed to them.
For really big files, that can be a problem
- To get a userid, Yahoo will to know (I think):
your desired userid
a password for it...doesn't have to be (and shouldn't be) the same as what you use elsewhere in the online world
- your birthday (can be bogus)
- forwarding/contact email (which they already know)
a state and zipcode (both of which can be bogus)
So you can get a Yahoo ID and still prevent Yahoo from knowing anything more than your email address
More complicated stuff follows (but ignorance is no protection)
- You may say that you use the same userid and password everywhere, thus Yahoo would "know how to get into all my accounts".
If so, that is already potentially true of all the other companies/merchants/etc that you use this UID/PW with.
- If so, this is extremely dangerous, like carrying a loaded gun
with the safety off in your pocket. Sooner or later, that UID/PW will
become compromised and Bad People will romp through *all* your accounts
and data everywhere on the net.
- If so, you should immediately get (and alas learn how to use,
just another thing, computers force us into) a program like
PasswordMaker (which works with the Firefox web browser). Such programs
generate a different password for every different website, by using the
website's URL to make a unique PW. *You* remember a (easily recalled
but complicated) master password that you key in on your computer, then
the program combines it with the website URL address to create a unique
gobbledegook alphanumeric PW unique to that web site. When you come
back to that website in the future, you use that master PW to
(relatively easily) recreate that site's unique gobbledegook PW. If
someone learns that site's unique password for that website, they can't get into your accounts anywhere else.
- Legitimate/Fortune 500 computer service companies will NEVER
ask you for your password, for your email or your online account. To
think that they would is in the realm of woowoo conspiracy theory, and
gets computer professional such as me very upset. If you get such a
request, someone is scamming you. In doing support (for a small
college), I have asked people for their password when they were
physically beside me, explained why and insisted they change their PW
afterwards. Getting things straight in the world is difficult enough
without imagining bogeymen. Yes there is corruption and near-fraud in
the computer/financial world, but not in this. To ask for your password
is like asking for a key to your house...it makes the asker a suspect
in anything criminal that might happen in the future. Computer
professionals and Legitimate/Fortune 500 computer service companies don't want to know your passwords,
and their programs are set up so that the authentication takes place
without their knowing the PW (yes, I know that sounds impossible, but
it is so....and I can explain how that works for anyone wanting to know)
- Note that, if you ever lose your password and contact Yahoo to reset it, they may ask you
questions about this (bogus) info in order to autheticate you (in place of the
password) before they reset your password.
If you've given bogus info
here, you probably won't remember the bogus info and won't be able to
answer the questions. SO:
- be sure to keep the password or generate it so they you can recreate it.
- if you lose it:
- create a new YID
a note to firstname.lastname@example.org telling us of the problem and we will
delete your old YID from mailing list membership and add your new YID