Yahoo! login security


For the longest time, I have been, and still am, bothered by how Yahoo! implements its login screen. For example, if you go to mail.yahoo.com, you will be greeted by the standard login screen, which gives you the option of a “Secure” login. In this day and age, when online identity fraud is at an all-time high, merely offering an option for transmitting your login ID and password in clear text over the internet is pure stupidity and ignorance. I liken that to a bank giving its customer his 5 million dollars cash in clear grocery bags without clearly informing him that he can transport his cash in an armored vehicle with armed guards. The fact that Yahoo! is making this its standard login procedure is unfathomable.

So what is Yahoo!’s excuse for not forcing everyone to use the secure login? According to the Yahoo! Sign-In and Registration Help, “pages will take longer to download.” It is not like every page after the login will be over SSL (Secure Sockets Layer) anyway; in fact, Yahoo! redirects the user to the non-SSL pages right after the initial login. I am pretty sure most, if not all, users can handle a little slowness during the initial login for the comfort of knowing that their login information is not sent over the internet in plain text. So this “slowness” excuse given by Yahoo! is moot.

Another reason given by Yahoo! for not sending the user directly to the secure login page is that “SSL is not supported by all browsers.” That might have been true 10 years ago, but name me one browser out there now that does not support SSL. I can’t think of any. In fact, even my text-based browser Links supports SSL. Let’s just assume that Yahoo! does not want to displease the 1% of web users who are still using browsers without any support for SSL. What Yahoo! could have done is to, by default, send 99% of web users to the secure login page and simply redirect the remaining 1% to the standard (non-secure) login page. Why is this not done? I don’t have a freaking clue!
