Yahoo Mail: after using it for almost a decade now, I'm beginning to fall out of love with my favorite free email service provider.
Here's why:
After playing with its “I can't access my account” option and/or “lost password/can't remember password”, I found a major (major for me, I'll explain later why) security hole on one of the world’s most used email services.
Here's how:
Let's pretend that we forgot our password. ’Cause more often than not we use several passwords on these never-ending web sign-ups, and it's really hard to remember which password belongs to which, or to remember the password itself.
So we rely on the “lost or can't remember my password” option. OK, let's click it…
OK, Yahoo sent us to this page (look below):

Let's choose “forgot password” for this instance. Yahoo then forwards us to a page where it asks for our Yahoo ID. OK, easy enough. Then we fill in the security image, and from there the security questions appear.

Two simple security questions will be asked, like “where did you meet your spouse?” (these can be customized too), and only you should know the answer. Right? Or not.
Questions like “where did you meet your spouse?” can easily be answered by friends who know you or are close to you, or by web searching, if you log everything on the net, hehehe (like most of us do). Once it's answered correctly, another question pops up: “OK, you have to answer this second question before you finally reset your password,” says Yahoo! A question like “who is my favorite book author?”, and then again, some people may already know that.
Many of us choose easy questions and answers for simplicity; maybe it's not a good idea anymore. OK, next thing you know, you don't own your email anymore. AW.
OK, if you've read up to this point you're probably asking: why not update the security questions? Yes, that's a very good idea, a genuine solution for all of this. Think again…
OK, here's the real flaw:

It's easy to update your security questions, but Yahoo! never really erases the old security questions, and even provides a link to access them and reset the password via the old security questions… I don't see any logic in here… If you're already scratching your head, I prepared visuals to let you know what I mean…


OK, once your first security questions have been compromised, it's going to stay that way… You can't even update, or yes, you can update, but clicking the “this is not my security question” link will just bring back the old compromised security questions to reset your password…
Tsk, this should have been taken seriously…
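
The flaw described above, as a small added sketch (not Yahoo's code and not part of the original post): a hypothetical `RecoveryStore` that either keeps old question sets reachable, like the “this is not my security question” link does, or retires them on update. The class, method names and sample answers are made up for illustration.

```python
import hashlib
import hmac
import os


def _digest(answer: str, salt: bytes) -> bytes:
    # Normalise and stretch the answer so it is never stored in the clear.
    norm = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", norm, salt, 100_000)


class RecoveryStore:
    """Hypothetical per-account store of security question sets."""

    def __init__(self, retire_old: bool):
        self.retire_old = retire_old
        self.sets = []  # each set is a list of (question, salt, digest)

    def update_questions(self, qa_pairs):
        new_set = []
        for question, answer in qa_pairs:
            salt = os.urandom(16)
            new_set.append((question, salt, _digest(answer, salt)))
        if self.retire_old:
            self.sets = [new_set]      # corrected: the old set is gone for good
        else:
            self.sets.append(new_set)  # flawed: the old set stays usable

    def can_reset(self, answers, use_older_set=False):
        # use_older_set models the "this is not my security question" link.
        candidates = self.sets if use_older_set else self.sets[-1:]
        for qset in candidates:
            if len(answers) == len(qset) and all(
                hmac.compare_digest(_digest(a, salt), digest)
                for a, (_, salt, digest) in zip(answers, qset)
            ):
                return True
        return False


def demo(retire_old: bool):
    store = RecoveryStore(retire_old)
    # Constructed sample data: easy answers first, then the owner rotates them.
    store.update_questions([("Where did you meet your spouse?", "manila"),
                            ("Who is my favorite book author?", "tolkien")])
    store.update_questions([("custom question 1", "x9-blue-kettle"),
                            ("custom question 2", "r4-quiet-harbor")])
    old = ["manila", "tolkien"]
    # (old answers on current set, old answers via the older-set link)
    return store.can_reset(old), store.can_reset(old, use_older_set=True)
```

With `retire_old=False` the old answers still reset the password through the older-set path even after the update; with `retire_old=True` they are rejected on both paths.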



