<?xml version="1.0" encoding="utf-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Password Security: It&#8217;s Not That Hard (But You Still Can&#8217;t Get It Right)</title>
	<atom:link href="http://ronrothman.com/public/leftbraned/password-security-its-not-that-hard-but-you-still-cant-get-it-right/feed/" rel="self" type="application/rss+xml" />
	<link>http://ronrothman.com/public/leftbraned/password-security-its-not-that-hard-but-you-still-cant-get-it-right/</link>
	<description>go. figure. «</description>
	<lastBuildDate>Fri, 05 Mar 2010 20:57:52 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.2</generator>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
		<item>
		<title>By: alex farguson</title>
		<link>http://ronrothman.com/public/leftbraned/password-security-its-not-that-hard-but-you-still-cant-get-it-right/comment-page-1/#comment-39099</link>
		<dc:creator>alex farguson</dc:creator>
		<pubDate>Mon, 13 Apr 2009 04:04:34 +0000</pubDate>
		<guid isPermaLink="false">http://ronrothman.com/public/leftbraned/archives/2006/02/28/password-security-its-not-that-hard-but-you-still-cant-get-it-right/#comment-39099</guid>
		<description>Thanks for this.  Just subscribed.</description>
		<content:encoded><![CDATA[<p>Thanks for this.  Just subscribed.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Pedro</title>
		<link>http://ronrothman.com/public/leftbraned/password-security-its-not-that-hard-but-you-still-cant-get-it-right/comment-page-1/#comment-18982</link>
		<dc:creator>Pedro</dc:creator>
		<pubDate>Thu, 01 Feb 2007 09:13:31 +0000</pubDate>
		<guid isPermaLink="false">http://ronrothman.com/public/leftbraned/archives/2006/02/28/password-security-its-not-that-hard-but-you-still-cant-get-it-right/#comment-18982</guid>
		<description>Hello, 

I am, sorry, was a Yahoo user.  That is until they or some hacker fudged my password.  Over the past few weeks (January 2007), I have been increasingly irritated by a rising barrage of password demands from Yahoo.  In the past ten days or so, I have even been asked for my password immediately after successfully logging on ... and then again sporadically, maybe a few times an hour and on a couple of occasions in quick succession.

Then it happened.  I was denied access.  I was stunned.  Yahoo was telling me that either my Yahoo ID or password was incorrect.  I was only just reading a message and wanted to check my mail again, got asked for my password *SIGH* ... and now whammo I can&#039;t access my account!!!

I can&#039;t decide if my account was hacked or if there was a glitch in Yahoo&#039;s password system.  Initially I suspected I had been hacked ... but now I am beginning to suspect that in Yahoo&#039;s zeal to ramp up random password validation requests, they have created such a storm of validation requests that somewhere along the line their password cache memory got garbled.  If I am right, there should be a rising tide of Yahoo users who are or will soon also be in my situation.

Now I am in the loop trying to access my account again.  Reading some of the posts out there, I am not optimistic.  I have to wait 48 hours, they say.  Also, now they are demanding ALL the information I provided when I created my account ... and I was one of their early adopters.  What on earth did I tell them then?  I am sure I was a little evasive ... not wanting to give away any more information than was strictly necessary.  I do recall being asked to give a secret answer to a challenge question and am sure I found a good one that only I would know.  I never, however, counted on the answer AND the question being secret.  Apparently now, they want me to tell them BOTH the question and the answer.  This is not reasonable.  Who would expect that you have to remember some obscure question you set maybe a decade earlier?  Certainly it would be a good one that only you knew the answer to.

So far all I have are auto-responses ... I am praying that some sentient being will read my plea for help and will have the common sense to realize that I have provided more than ample information to convince them that I am the rightful owner.  But I also know of one person who lost their Yahoo account because a former roommate installed a key-logger on their computer and then took over their account.

Even though this ex-roommate went on to post hateful content on their profile (about the supposed account owner), Yahoo was not convinced to return control to the original owner.  I should add, however, that in this case this individual made up entirely fictional data when they created their account in the first place ... so there was no hope that they could validate the data that Yahoo had on file.

I am now waiting to see if Y! resets my account and sends me a new password and, if so, if it is in plain text.  Hmmm, silly question.  Well, even if I get my account back, will I still have all my email and Y! Messenger contacts?!?  Or will my on-line world come crashing down?

Does anyone want to register YahooUsers.org?  (Yahoo already has YahooUsers.com)

Pedro</description>
		<content:encoded><![CDATA[<p>Hello, </p>
<p>I am, sorry, was a Yahoo user.  That is until they or some hacker fudged my password.  Over the past few weeks (January 2007), I have been increasingly irritated by a rising barrage of password demands from Yahoo.  In the past ten days or so, I have even been asked for my password immediately after successfully logging on &#8230; and then again sporadically, maybe a few times an hour and on a couple of occasions in quick succession.</p>
<p>Then it happened.  I was denied access.  I was stunned.  Yahoo was telling me that either my Yahoo ID or password was incorrect.  I was only just reading a message and wanted to check my mail again, got asked for my password *SIGH* &#8230; and now whammo I can&#8217;t access my account!!!</p>
<p>I can&#8217;t decide if my account was hacked or if there was a glitch in Yahoo&#8217;s password system.  Initially I suspected I had been hacked &#8230; but now I am beginning to suspect that in Yahoo&#8217;s zeal to ramp up random password validation requests, they have created such a storm of validation requests that somewhere along the line their password cache memory got garbled.  If I am right, there should be a rising tide of Yahoo users who are or will soon also be in my situation.</p>
<p>Now I am in the loop trying to access my account again.  Reading some of the posts out there, I am not optimistic.  I have to wait 48 hours, they say.  Also, now they are demanding ALL the information I provided when I created my account &#8230; and I was one of their early adopters.  What on earth did I tell them then?  I am sure I was a little evasive &#8230; not wanting to give away any more information than was strictly necessary.  I do recall being asked to give a secret answer to a challenge question and am sure I found a good one that only I would know.  I never, however, counted on the answer AND the question being secret.  Apparently now, they want me to tell them BOTH the question and the answer.  This is not reasonable.  Who would expect that you have to remember some obscure question you set maybe a decade earlier?  Certainly it would be a good one that only you knew the answer to.</p>
<p>So far all I have are auto-responses &#8230; I am praying that some sentient being will read my plea for help and will have the common sense to realize that I have provided more than ample information to convince them that I am the rightful owner.  But I also know of one person who lost their Yahoo account because a former roommate installed a key-logger on their computer and then took over their account.</p>
<p>Even though this ex-roommate went on to post hateful content on their profile (about the supposed account owner), Yahoo was not convinced to return control to the original owner.  I should add, however, that in this case this individual made up entirely fictional data when they created their account in the first place &#8230; so there was no hope that they could validate the data that Yahoo had on file.</p>
<p>I am now waiting to see if Y! resets my account and sends me a new password and, if so, if it is in plain text.  Hmmm, silly question.  Well, even if I get my account back, will I still have all my email and Y! Messenger contacts?!?  Or will my on-line world come crashing down?</p>
<p>Does anyone want to register YahooUsers.org?  (Yahoo already has YahooUsers.com)</p>
<p>Pedro</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Cesar</title>
		<link>http://ronrothman.com/public/leftbraned/password-security-its-not-that-hard-but-you-still-cant-get-it-right/comment-page-1/#comment-4986</link>
		<dc:creator>Cesar</dc:creator>
		<pubDate>Thu, 20 Jul 2006 09:52:13 +0000</pubDate>
		<guid isPermaLink="false">http://ronrothman.com/public/leftbraned/archives/2006/02/28/password-security-its-not-that-hard-but-you-still-cant-get-it-right/#comment-4986</guid>
		<description>Congratulations Ron, it&#039;s a very good article. 

I&#039;m developing a Java Enterprise Application for school management (like a small ERP with various modules communicating) and, although it&#039;s an Intranet web application without external access, I encrypt all users&#039; passwords with the hash() Java method before storing them in the database. Do you think that&#039;s a good way of encrypting passwords for this type of application?

Unfortunately the school doesn&#039;t have many financial resources, so I have the application server and database server on the same computer. Is there any major issue with that?

Thank you.</description>
		<content:encoded><![CDATA[<p>Congratulations Ron, it&#8217;s a very good article. </p>
<p>I&#8217;m developing a Java Enterprise Application for school management (like a small ERP with various modules communicating) and, although it&#8217;s an Intranet web application without external access, I encrypt all users&#8217; passwords with the hash() Java method before storing them in the database. Do you think that&#8217;s a good way of encrypting passwords for this type of application?</p>
<p>Unfortunately the school doesn&#8217;t have many financial resources, so I have the application server and database server on the same computer. Is there any major issue with that?</p>
<p>Thank you.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Ron</title>
		<link>http://ronrothman.com/public/leftbraned/password-security-its-not-that-hard-but-you-still-cant-get-it-right/comment-page-1/#comment-1225</link>
		<dc:creator>Ron</dc:creator>
		<pubDate>Mon, 01 May 2006 18:55:57 +0000</pubDate>
		<guid isPermaLink="false">http://ronrothman.com/public/leftbraned/archives/2006/02/28/password-security-its-not-that-hard-but-you-still-cant-get-it-right/#comment-1225</guid>
		<description>&lt;blockquote&gt;
What do you do about the password being sent in plain text?
&lt;/blockquote&gt;

what can i tell you?  either your http connection is secure, or it isn&#039;t.  and either pop pays for security (and possibly more customers), or he doesn&#039;t.

but if sending an unencrypted password is your weakest link, then you&#039;re already a lot more secure than many [large-scale] websites.</description>
		<content:encoded><![CDATA[<blockquote><p>
What do you do about the password being sent in plain text?
</p></blockquote>
<p>what can i tell you?  either your http connection is secure, or it isn&#8217;t.  and either pop pays for security (and possibly more customers), or he doesn&#8217;t.</p>
<p>but if sending an unencrypted password is your weakest link, then you&#8217;re already a lot more secure than many [large-scale] websites.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Daniel</title>
		<link>http://ronrothman.com/public/leftbraned/password-security-its-not-that-hard-but-you-still-cant-get-it-right/comment-page-1/#comment-1215</link>
		<dc:creator>Daniel</dc:creator>
		<pubDate>Mon, 01 May 2006 15:41:00 +0000</pubDate>
		<guid isPermaLink="false">http://ronrothman.com/public/leftbraned/archives/2006/02/28/password-security-its-not-that-hard-but-you-still-cant-get-it-right/#comment-1215</guid>
		<description>What do you do about the password being sent in plain text? Suppose this is a mom and pop website and pop won&#039;t buy an SSL certificate + SSL hosting.</description>
		<content:encoded><![CDATA[<p>What do you do about the password being sent in plain text? Suppose this is a mom and pop website and pop won&#8217;t buy an SSL certificate + SSL hosting.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Eve</title>
		<link>http://ronrothman.com/public/leftbraned/password-security-its-not-that-hard-but-you-still-cant-get-it-right/comment-page-1/#comment-555</link>
		<dc:creator>Eve</dc:creator>
		<pubDate>Thu, 30 Mar 2006 07:40:33 +0000</pubDate>
		<guid isPermaLink="false">http://ronrothman.com/public/leftbraned/archives/2006/02/28/password-security-its-not-that-hard-but-you-still-cant-get-it-right/#comment-555</guid>
		<description>Amen. Excellent post. Hopefully the slacker doofuses will read it. (Sending a link to site X&#039;s webmaster? hehe) Scary thing that your payment information might be stored alongside your other information there isn&#039;t it?</description>
		<content:encoded><![CDATA[<p>Amen. Excellent post. Hopefully the slacker doofuses will read it. (Sending a link to site X&#8217;s webmaster? hehe) Scary thing that your payment information might be stored alongside your other information there isn&#8217;t it?</p>
]]></content:encoded>
	</item>
</channel>
</rss>