Yahoo Gives Details On How It Plans To Recycle Old Usernames Securely
@satya-swaroop-YDeBJM
•
Oct 22, 2024
Oct 22, 2024
1.4K
Ever since Yahoo <a href="https://www.crazyengineers.com/threads/bid-goodbye-to-your-yahoo-mail-if-you-havent-logged-in-since-a-year.68497">Bid Goodbye To Your Yahoo Mail If You Haven't Logged In Since A Year</a> that have not been used in a year, concerns have been raised by experts on how Yahoo is planning to tackle password reset requests from various services. For example, here on CrazyEngineers whenever you forget your password, we use your email id to get you a new password. E commerce and social networking sites have been using methods similar to above since ages, but if Yahoo gives your email username to someone else, you shall become susceptible to hackers who can easily steal your credentials by utilising this loophole. To address the above problem Yahoo has taken the help from Facebook to come up with a new type of validation.
According to the idea proposed by Facebook to Yahoo!, websites that use email for password reset services will required to attach Require-Recipient-Valid-Since header to the reset email being sent to a yahoo mail account which shall make a request to Yahoo to check the age of an account before delivering the mail. The Require-Recipient-Valid-Since header consists of the date on which the person had used his/her email to create the account on the other website and if the date is before the date of the new Yahoo! username ownership, then the email will not be delivered and shall bounce back. Facebook has already started using this method and Yahoo! hopes that other websites will soon follow suit.
In the blog post, Yahoo has also informed that it shall not be giving out the unused usernames to new users right away. Interested users are now being given the opportunity to get the username of their choice on the #-Link-Snipped-# by registering up to five desired usernames and by mid-August they shall be receiving an email with a link that shall be valid for 48 hours letting them know that their username is up for grabs. Yahoo will be taking this time to deactivate the account and auto-unsubscribing the account from any mailing lists that send mail to the address.
For more details on this news we recommend you to read Yahoo!’s <a href="https://yahoo.tumblr.com/post/55535441138/get-your-yahoo-username-wish-list-ready" target="_blank" rel="nofollow noopener noreferrer">Get Your Yahoo! Username Wish List Ready! | Yahoo</a>, and on the #-Link-Snipped-# and for more information on the Require-Recipient-Valid-Since header please visit <a href="https://datatracker.ietf.org/doc/draft-wmills-rrvs-header-field/" target="_blank" rel="nofollow noopener noreferrer">draft-wmills-rrvs-header-field-01 - The Require-Recipient-Valid-Since Header Field</a>
Source: <a href="https://www.theverge.com/2013/7/15/4525908/how-yahoo-cleans-up-usernames-with-help-from-facebook" target="_blank" rel="nofollow noopener noreferrer">Yahoo recycles old user IDs with help from Facebook - The Verge</a>
According to the idea proposed by Facebook to Yahoo!, websites that use email for password reset services will required to attach Require-Recipient-Valid-Since header to the reset email being sent to a yahoo mail account which shall make a request to Yahoo to check the age of an account before delivering the mail. The Require-Recipient-Valid-Since header consists of the date on which the person had used his/her email to create the account on the other website and if the date is before the date of the new Yahoo! username ownership, then the email will not be delivered and shall bounce back. Facebook has already started using this method and Yahoo! hopes that other websites will soon follow suit.
In the blog post, Yahoo has also informed that it shall not be giving out the unused usernames to new users right away. Interested users are now being given the opportunity to get the username of their choice on the #-Link-Snipped-# by registering up to five desired usernames and by mid-August they shall be receiving an email with a link that shall be valid for 48 hours letting them know that their username is up for grabs. Yahoo will be taking this time to deactivate the account and auto-unsubscribing the account from any mailing lists that send mail to the address.
For more details on this news we recommend you to read Yahoo!’s <a href="https://yahoo.tumblr.com/post/55535441138/get-your-yahoo-username-wish-list-ready" target="_blank" rel="nofollow noopener noreferrer">Get Your Yahoo! Username Wish List Ready! | Yahoo</a>, and on the #-Link-Snipped-# and for more information on the Require-Recipient-Valid-Since header please visit <a href="https://datatracker.ietf.org/doc/draft-wmills-rrvs-header-field/" target="_blank" rel="nofollow noopener noreferrer">draft-wmills-rrvs-header-field-01 - The Require-Recipient-Valid-Since Header Field</a>
Source: <a href="https://www.theverge.com/2013/7/15/4525908/how-yahoo-cleans-up-usernames-with-help-from-facebook" target="_blank" rel="nofollow noopener noreferrer">Yahoo recycles old user IDs with help from Facebook - The Verge</a>
