Sep 7, 2006

Yahoo’s Sign-in Seal to Prevent Phishing Accidents

Yahoo just launched a new security measure that’s pretty creative. It lets you upload your own, personal picture (whatever you want) as a "Sign-in Seal" for your login page. That way, if you click a "login" link in an email that claims to be from Yahoo, and you don’t see your unique sign-in seal on the web page, you’ll know it’s a fake. Here are some details.

Seems like Yahoo and other companies that get imitated a lot (like banks) could extend this tactic by including the image in the actual email itself. If you get an email from your local bank, you’ll know it’s "real" if your personalized image is in it. Sure, email’s not that secure, and the image could get stolen while in transit, but it’s a start. What if I could upload multiple images to my online account, and they rotated randomly from week to week?