Yahoo mail changes

2 views
Skip to first unread message

Ronald

unread,
Feb 22, 2021, 6:50:59 PM2/22/21
to
For several weeks, I haven't been able to use POP# to get mail from yahoo.
Yesterday I noticed an option via yahoo webmail on chromebook to get a
'one off password key for some older apps'
I did so (about 20 hours ago) and today, replacing the password with the
supplied code, downloading has worked.
I will find out tomorrow if this /is/ a one use only code.

Incidentally, Netsurf comes close to doing yahoo email, logs in but
the display is not quite useable.

Ronald

Mik Towse

unread,
Feb 23, 2021, 5:36:26 AM2/23/21
to
In article <590303a1...@yahoo.co.nz> Ronald wrote:
[snip]
> Incidentally, Netsurf comes close to doing yahoo email, logs in but
> the display is not quite useable.
Have uou tried Tapirmail? A good alternative to browser Webmail.

https://www.flypig.co.uk/tapirmail/

--
Mik Towse * mik....@xemik.com * http://www.xemik.co.uk/
My writers' site can be found at: http://www.lexis.org.uk

xemik.net - cost effective web hosting : http://xemik.net

Familiarity breeds contempt; and children. Mark Twain

Ronald

unread,
Feb 23, 2021, 1:05:00 PM2/23/21
to
In article <59033AF1D4%mik....@xemik.com>,
Mik Towse <m...@towse.org.uk> wrote:
> In article <590303a1...@yahoo.co.nz> Ronald wrote:
> [snip]
> > Incidentally, Netsurf comes close to doing yahoo email, logs in but
> > the display is not quite useable.
> Have uou tried Tapirmail? A good alternative to browser Webmail.

> https://www.flypig.co.uk/tapirmail/

Yes it is for POP3 and SMTP, nothing to do with webmail.
Not something I have used, or seen mentioned in recent years, which
probably means it's build date of 2013 is too old for TLSv3 etc.
However the source is reportedly on Github so there is hope and the
finished app looks tidy.

My port of Fetchmail using POP3 downloaded mail from
pop.mail.yahoo.com again today so thankfully the 'one off' password
code is something you only have to go to webmail and do once.
It is likely that other RISC OS POP3 fetchers would require the
password switcheroo also.
Actually I still find this preferrable to the Gmail method of forcing
you to be in their 'Insecure mode' and reminding you of it.

Is it any better? The USER and PASS is still sent after the encrypted
connection is made and PASS is still a series of characters so not
really. If the code generation method is kept private, it would
help to stop guessing 'likely' text passwords however if they use
a fixed number of characters in their code output, it reduces the
number of possible combinations dramatically.
If a high number of failed login attempts was monitored it would
probably be more secure.

Ronald

Reply all
Reply to author
Forward
0 new messages