Yahoo To Open Up Email Authentication
Aditi.Tuteja writes, "Yahoo has announced it will give away the browser-based authentication used in its email service, considered to be the company's 'crown jewels.' Yahoo made the announcement ahead of a 24-hour 'Yahoo Hack Day,' where it had invited more than 500 mostly youthful outside programmers to build new applications using Yahoo services. Considering the different needs of its huge user base (257 million people use Yahoo Mail), Yahoo has decided it can't build or buy enough innovation, so they are enlisting the worldwide developer community." The code will be released late in 2006. Yahoo notes that there are 'no security risks' since they keep absolute control of usernames and passwords.
Yahoo for yahoo. (Score:1)
Re: (Score:3, Insightful)
I really wish people wouldn't do this crap. It's not Mom and Pop's Search Engine Co. It's frigging Yahoo. If you want programmers, pay some damn programmers.
DARPA Grand Challenge, sure. Nobody's getting your crap for free when you're done. GPL, sure. They only get it if they give back. But stupid competitions like this just feed cash into the already-cash-filled pockets of corporations. Not that corporations making money is a bad thing, but we don't need
yahoo it/tech dept are hopeless (Score:3, Interesting)
You become lazy rich yuppies (see the Yahoo CEO's daughter on MTV? gawd) and your brain turns into drivel that cannot innovate.
Go on a 4-week engineering brainstorm trip, no girls, no CC cards, no email to your wives.
That will give you 5 years of engineering brilliance between 10 smart people.
How hard is it to kill all the bots/fake accounts? how about killing all accounts with a prefix of 5 or more digits or A
Good for Yahoo (Score:5, Insightful)
Google gets all the press nowadays, but Yahoo's been pretty cool lately as well. Props!
Re: (Score:1, Insightful)
So maybe I've been drinking...
Re: (Score:1)
Re: (Score:1)
257m users. (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2)
Yeah right! Everybody has at least 50 accounts. And some people even have more than 100 to compensate for that one stupid user who has only one. You probably graduated in math?
Re: (Score:2)
I've got 2 abandoned Yahoo accounts of fairly recent vintage (1 to password hassles, 1 was a throwaway I used for learning some stuff about the warez scene). That's in addition to my active Yahoo account.
I've also got at least 2 abandoned GeoCities sites, back from the day before Yahoo's acquisition of same. And possibly 3 or 4 other abandoned sites, because when they attempted to merge GeoCities with Yahoo they kept screwing up my access.
So I can account for at least 5 and possibly 9 of their "users".
Re: (Score:1)
It seems to me like... (Score:2, Insightful)
But Yahoo email login work with FF passwords? (Score:3, Interesting)
If so, I'll believe it when I see it.
Re:But Yahoo email login work with FF passwords? (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1, Interesting)
Still too much spam! (Score:3, Interesting)
Re: (Score:1)
On GMail, I get so much spam I don't check it anymore. Still, it seems as good a filter as yahoo's
Re: (Score:2)
Yahoo I've got my blocklists, filters, and everything on, and I still get 50-60 pieces of spam a day in the main folder. Gmail is actually useable.
OpenID ? (Score:5, Interesting)
regards
John Jones
Re:OpenID ? (Score:5, Funny)
(Obligatory) (Score:5, Funny)
Re: (Score:1)
Not that I don't like the idea or anything.
Let Yahoo solve this first... (Score:2, Redundant)
The other thing I'd like to see is full support for Mozilla's Firefox browser as far as Yahoo's Launchcast service is concerned. Don't mention that Grea
Web 2.0 Mashups (Score:1)
Crown jewels? (Score:3, Interesting)
Re: (Score:2)
How this is any more special than authenticating over TLS/POP3 is anyone's guess at this point. But I'll speculate that this is a way to entice developers to use Yahoo as a de facto authentication service as MS Passport aimed to be.
Personally, I think users have moved on. Our browsers remember our passwords, and it's not hard to synchronize password DBs between browsers if you use more than one.
Think of this Yahoo authentication "openness" as a coun
Re:Crown jewels? (Score:5, Interesting)
The code isn't the crown jewel. What's of enormous value is the database of 250 million established Yahoo ID's.
Suppose I want to open my blog up to comments. These days, I'd be nuts to allow non-account-holders to post, since I would be overwhelmed with comment spam. How many of my users will be willing to register a brand new username and password with my site's custom code? But if you've already got a Yahoo ID, that's all you'll need to go right ahead and post on my blog. See? The barriers to participating on my site have dropped almost to nothing, all because of Yahoo's pre-existing database of 250 million users.
This is a win all the way around. It's a win for Yahoo, since it makes it more valuable for people to own a Yahoo ID. It's a win for me, since I don't need to generate custom code and maintain a database for user passwords. And it's a win for my users, who can now comment on my blog with little or no hassle.
The losers? Sites like typekey.com, who were created to offer the same feature that Yahoo is about to offer, but who don't have the crown jewel of 250 million user accounts.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2, Funny)
jewelry (Score:4, Funny)
If that's one of their 'crown jewels', would their hosting service be considered the "family jewels"?
Sounds familiar... (Score:2, Interesting)
That's what my bank, credit card company and local government told me before they had a little "incident" with some script kiddies. Maybe the mattress is still the safest place for your money?
Re: (Score:2)
'No security risk' (Score:5, Insightful)
Why does the phrase "famous last words" come to me when I hear that? I can almost imagine it being spoken by Hammond in Jurassic Park when he's talking about how safe the attractions are and that it's impossible for the dinosaurs to breed.
I foresee an exploit being developed or maybe someone will just write a new "service" that makes use of Yahoo's systems that also happens to pass the username/pass to a more nefarious author.
Remember, the tool is only as safe as the operator. AOL's search didn't even ask for people to enter their Social Security Numbers.
Re: (Score:2)
[..]
I foresee an exploit being developed or maybe someone will just write a new "service" that makes use of Yahoo's systems that also happens to pass the username/pass to a more nefarious author.
No need for exploits, even.
When any random blog starts asking for your yahoo account and password, do you think people will even notice that some of them don't redirect to loginservicethingy.yahoo.com? Most p
Re: (Score:1)
If you look into the implementation details of Browser-Based Authentication (http://developer.yahoo.com/auth/ [yahoo.com]), it says:
Once the user enters their Yahoo! user ID and password, Yahoo! displays a Terms of Service page and lists the data which your application may access. If the user grants your application access, Yahoo! redirects the user to your site. The redirect URL contains a token that you use to retrieve the user's credentials.
Wonder how this gets implemented for Yahoo Mail. When a user wants
IMAP (Score:2)
I would be interested in using that -- maybe. As it is, I use my own IMAP server anyway. Which is a nice thing when it comes to services that require a unique email address to set up an account -- I have as many email addresses as I want.
Fetchyahoo anyone? (Score:2)
Re: (Score:3, Informative)
If you want Yahoo-->IMAP, just set up an IMAP server (or an account with a provider like Fastmail) then set up a TB rule to move the Webmail onto your IMAP server.
It's part of a trend (Score:4, Insightful)
Ultimately this comes down to who are users going to flock to as their primary id on the internet - and thus users will use it to log into 3rd party applications which lie outside of microsoft/google/yahoo. The bigger question, though, is how come these companies are going to "own" your id instead of federate it.
BTW, Yahoo has offered authentication services [zdnet.com] through other apps back in March.
Information Card (Score:2)
http://msdn.microsoft.com/winfx/reference/infocard
It's the brainchild of Kim Cameron: http://www.identityblog.com/ [identityblog.com]
Unlike Passport, Microsoft does not own your identity when you use Information Cards.
Insanely brilliant (Score:3, Interesting)
It remains to be seen if they can pull this off, but it's nice to see this type of innovation and broad steps coming from somewhere other than Google. I like Google, but they need the competition or they'll start to stagnate. Competition is good!
Sunnydale?!?!? (Score:2)
Yea I mis-read the first line of the article
"Browser-based authentication" or API? (Score:2)
Technically speaking, Yahoo is giving away "browser-based authentication" for its e-mail service for developers to build new applications. Currently only Yahoo Mail (http://mail.yahoo.com) and certain broadband partners like AT&T (NYSE:T - news) and BT (BT.L) are granted such access to the code.
This will allow people to make custom versions of the basic interface, or look, of e-mail. Other uses may include tapping the information inside a user's e-mail program to create new
Re: (Score:1)
Courageous! (Score:2)
Man, that's so courageous. I am surprised how Yahoo is so confident.
Phishing (Score:2, Interesting)
Phishing is a BIG problem with Yahoo (and other big websites); plenty of users lose control of their Yahoo! IDs (granted they are not so bright, as seen by the average IQ of people who responded to this post [wormus.com]).
I would hate for a phishing attack on Yahoo to make my site vulnerable. And with more and more websites popping up Yahoo! signups, it just makes it easier for someone to spoof the form on their site and gather passwords.
In the Favor of Y! they have taken good steps against phishing attempts, but it st
Re: (Score:1)
And at the end of the day... (Score:1)
Lee Darrow, C.H.
Chicago, IL
Re: (Score:2)
It's coming.
Great, more ID theft (Score:3, Insightful)
Re: (Score:3, Informative)
Nope. The press release is really short on details, but the official developer docs [yahoo.com] spell things out more clearly: the initial authentication takes place on servers Yahoo controls, and the user has to explicitly consent to opening up any information the third-party site wants to access. If they do, Yahoo provides an authentication token that can be used to make calls to Yahoo's various web services on b
The article and blurb are a little incorrect (Score:3, Informative)
It works pretty well, though I'm not all that big a fan of the process of logging in. The process goes like this:
This all seems reasonable, but I think I'd like to see the ability to set a pref so that you don't have to confirm every time. Other than that it does lower the barrier to entry for a site/service.
You have to choose the level of access when you register your app. When I registered the choices were (from memory):