Yahoo mail changes
2 views
Skip to first unread message
Ronald
Feb 22, 2021, 6:50:59 PM2/22/21
to
For several weeks, I haven't been able to use POP# to get mail from yahoo.
Yesterday I noticed an option via yahoo webmail on chromebook to get a
'one off password key for some older apps'
I did so (about 20 hours ago) and today, replacing the password with the
supplied code, downloading has worked.
I will find out tomorrow if this /is/ a one use only code.
Incidentally, Netsurf comes close to doing yahoo email, logs in but
the display is not quite useable.
Ronald
Yesterday I noticed an option via yahoo webmail on chromebook to get a
'one off password key for some older apps'
I did so (about 20 hours ago) and today, replacing the password with the
supplied code, downloading has worked.
I will find out tomorrow if this /is/ a one use only code.
Incidentally, Netsurf comes close to doing yahoo email, logs in but
the display is not quite useable.
Ronald
Mik Towse
Feb 23, 2021, 5:36:26 AM2/23/21
to
In article <590303a1...@yahoo.co.nz> Ronald wrote:
[snip]
https://www.flypig.co.uk/tapirmail/
--
Mik Towse * mik....@xemik.com * http://www.xemik.co.uk/
My writers' site can be found at: http://www.lexis.org.uk
xemik.net - cost effective web hosting : http://xemik.net
Familiarity breeds contempt; and children. Mark Twain
[snip]
> Incidentally, Netsurf comes close to doing yahoo email, logs in but
> the display is not quite useable.
Have uou tried Tapirmail? A good alternative to browser Webmail.
> the display is not quite useable.
https://www.flypig.co.uk/tapirmail/
--
Mik Towse * mik....@xemik.com * http://www.xemik.co.uk/
My writers' site can be found at: http://www.lexis.org.uk
xemik.net - cost effective web hosting : http://xemik.net
Familiarity breeds contempt; and children. Mark Twain
Ronald
Feb 23, 2021, 1:05:00 PM2/23/21
to
In article <59033AF1D4%mik....@xemik.com>,
Not something I have used, or seen mentioned in recent years, which
probably means it's build date of 2013 is too old for TLSv3 etc.
However the source is reportedly on Github so there is hope and the
finished app looks tidy.
My port of Fetchmail using POP3 downloaded mail from
pop.mail.yahoo.com again today so thankfully the 'one off' password
code is something you only have to go to webmail and do once.
It is likely that other RISC OS POP3 fetchers would require the
password switcheroo also.
Actually I still find this preferrable to the Gmail method of forcing
you to be in their 'Insecure mode' and reminding you of it.
Is it any better? The USER and PASS is still sent after the encrypted
connection is made and PASS is still a series of characters so not
really. If the code generation method is kept private, it would
help to stop guessing 'likely' text passwords however if they use
a fixed number of characters in their code output, it reduces the
number of possible combinations dramatically.
If a high number of failed login attempts was monitored it would
probably be more secure.
Ronald
Mik Towse <m...@towse.org.uk> wrote:
> In article <590303a1...@yahoo.co.nz> Ronald wrote:
> [snip]
> > Incidentally, Netsurf comes close to doing yahoo email, logs in but
> > the display is not quite useable.
> Have uou tried Tapirmail? A good alternative to browser Webmail.
> https://www.flypig.co.uk/tapirmail/
Yes it is for POP3 and SMTP, nothing to do with webmail.
> In article <590303a1...@yahoo.co.nz> Ronald wrote:
> [snip]
> > Incidentally, Netsurf comes close to doing yahoo email, logs in but
> > the display is not quite useable.
> Have uou tried Tapirmail? A good alternative to browser Webmail.
> https://www.flypig.co.uk/tapirmail/
Not something I have used, or seen mentioned in recent years, which
probably means it's build date of 2013 is too old for TLSv3 etc.
However the source is reportedly on Github so there is hope and the
finished app looks tidy.
My port of Fetchmail using POP3 downloaded mail from
pop.mail.yahoo.com again today so thankfully the 'one off' password
code is something you only have to go to webmail and do once.
It is likely that other RISC OS POP3 fetchers would require the
password switcheroo also.
Actually I still find this preferrable to the Gmail method of forcing
you to be in their 'Insecure mode' and reminding you of it.
Is it any better? The USER and PASS is still sent after the encrypted
connection is made and PASS is still a series of characters so not
really. If the code generation method is kept private, it would
help to stop guessing 'likely' text passwords however if they use
a fixed number of characters in their code output, it reduces the
number of possible combinations dramatically.
If a high number of failed login attempts was monitored it would
probably be more secure.
Ronald
Reply all
Reply to author
Forward
0 new messages