
Yahoo just launched a new security measure that’s pretty creative. It lets you upload your own, personal picture (whatever you want) as a "Sign-in Seal" for your login page. That way, if you click a "login" link in an email that claims to be from Yahoo, and you don’t see your unique sign-in seal on the web page, you’ll know it’s a fake. Here are some details.
Seems like Yahoo and other companies that get imitated a lot (like banks) could use this tactic to include the image in the actual email itself. If you get an email from your local bank, you’ll know it’s "real" if your personalized image is in it. Sure, email’s not that secure, and the image could get stolen while in transit, but it’s a start. What if I could upload multiple images to my online account, and they rotated randomly from week to week?
Bank of America has been doing this for quite a while now, and it is quite clever.
Based on your screenshot though, how does Yahoo know which image to display if you haven’t even given your username?
I can’t remember, but I probably deleted the login before taking the screenshot. Does BoA do it only on the login, or in their emails too?