New feature lets Yahoo users customize the login page to foil information-thieving phishing scams.
Yahoo Inc. lately said it is testing a sign-in seal that ensures subscribers they are visiting the Web portal and not a bogus site set-up by a phisher to steal personal information.
Phishing is one of the most common online threats. In May, just over 20,000 phishing Web sites–a record–were reported to the Anti-Phishing Working Group, the organization said. Phishing typically combines spam e-mail with fraudulent Web sites to trick people into giving up sensitive information, such as “Yahoo user ID and Password.”
"A sign-in seal is a secret between the computer you set it up on and Yahoo," the Yahoo Web site states. "So when you sign in to Yahoo from this computer, your sign-in seal tells you that you are seeing a genuine Yahoo site, not a phishing site."
The security feature is being offered to a "fraction" of subscribers chosen at random, a Yahoo spokeswoman said. The service is expected to be rolled out gradually, and to become generally available in the "coming weeks."
The sign-in seal, which is created by the subscriber, is shown each time the user goes to a log-in page for a Yahoo service, whether it is email, the personalized homepage or music. The seal is associated with the person’s computer, instead of an ID and password, because Yahoo believed it was better to show subscribers they are visiting a legitimate page before entering any personal information, the spokeswoman said.
In creating a Yahoo sign-in seal, subscribers have the option of creating a unique message, such as a street address, or uploading an image. Users also can choose a sign-in seal color.
"Phishing is an industrywide issue, and Yahoo is always looking at ways to combat it," a representative for the Sunnyvale, Calif.-based Web giant said. We are testing and hoping to gradually roll out this new, optional feature that will allow people to uniquely personalize their Yahoo login.
Sign-in seals are being adopted by financial institutions as an anti-phishing measure for online banking. Bank of America, for example, uses the mechanism, but associates it with a person’s ID and password.
Web portals, which also offer online shopping and other e-commerce services, have made security a focus to ease consumer concerns. In a study released last year, the Pew Internet & American Life Project found that 9 in 10 U.S. consumers had made at least one change in their online behavior because out of fear of spyware, viruses and other Internet threats.
For example, more than 80 percent of the 2,000 adults surveyed said they had stopped opening email attachments unless they were sure the documents were safe, and nearly half no longer visited Web sites that they feared might deliver unwanted programs.
The sign-in shield is designed for use on a personal computer, not on systems in libraries or Internet cafes, for example. It works based on cookies, tiny files that a Web site can place on a user’s computer. "It is meant for people to use on their personal or work computers that they use regularly," the Yahoo representative said.
People who remove cookies from their system, for example for privacy reasons, can disable the new Yahoo feature and have to create a new shield. That, at least, was the case in CNET News.com tests using both Internet Explorer and Firefox. Yahoo is tweaking the sign-in shield so the feature won’t be rendered useless by removing cookies, the company representative said.
Some of Yahoo’s 208 million active registered users already have access to the security feature, the company representative said. Yahoo plans to make it available to all its U.S. users over the coming weeks and to users in other countries at a later stage, the company representative said.