Sign-in Seal of Yahoo

Yahoo has introduced a new approach to improve the security of user login. A "Prevent password theft" link is shown in the login dialog if you haven't set up the seal. Following the link, you can create a sign-in seal for your computer. It can be a text message or an image.

After reading their help content on this new anti-phishing method, I guess it's based on a cookie, and I confirmed my idea with a simple test.

The principle of the Sign-in Seal should be:

The user uploads an image or sends some text, with a chosen color.
The Yahoo server produces a small GIF image (less than 4KB) from that information.

Yahoo creates a long unique code in a long-lived cookie (expiring after 30 years) on your computer. Every time your browser visits Yahoo, the cookie is sent back, and Yahoo finds your image from the unique code and shows it on the login page.
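A minimal sketch of the cookie-to-seal lookup described above, added here as an illustration and not Yahoo's code; the cookie name, host name and cookie flags are assumptions. It also shows why a look-alike site, which never receives the cookie, has no seal to display.

```python
import secrets
from http.cookies import SimpleCookie

THIRTY_YEARS = 30 * 365 * 24 * 3600  # cookie lifetime described in the post


class SealStore:
    """Server-side map from the random per-browser code to the seal image."""

    def __init__(self):
        self._seals = {}

    def create_seal(self, gif_bytes):
        """Store the seal and return the Set-Cookie header value for it."""
        if len(gif_bytes) >= 4096:            # post: image is less than 4KB
            raise ValueError("seal image too large")
        code = secrets.token_urlsafe(32)      # long, unguessable code
        self._seals[code] = gif_bytes
        cookie = SimpleCookie()
        cookie["seal"] = code                 # cookie name is hypothetical
        cookie["seal"]["max-age"] = THIRTY_YEARS
        cookie["seal"]["domain"] = "login.example.test"  # placeholder host
        cookie["seal"]["path"] = "/"
        cookie["seal"]["secure"] = True       # assumption, not from the post
        cookie["seal"]["httponly"] = True     # assumption, not from the post
        return cookie["seal"].OutputString()

    def seal_for_request(self, cookie_header):
        """Return the seal for the login page, or None if no valid code."""
        cookie = SimpleCookie()
        cookie.load(cookie_header or "")
        morsel = cookie.get("seal")
        if morsel is None:
            return None
        return self._seals.get(morsel.value)


def demo():
    store = SealStore()
    gif = b"GIF89a" + b"\x00" * 100           # constructed sample image
    set_cookie = store.create_seal(gif)
    sent_back = set_cookie.split(";")[0]      # "seal=<code>", as the browser returns it
    genuine = store.seal_for_request(sent_back)
    lookalike = store.seal_for_request("")    # other domain: browser sends no cookie
    guessed = store.seal_for_request("seal=" + "A" * 43)  # wrong code
    return genuine == gif, lookalike, guessed
```

The seal is tied to one browser's cookie jar, so clearing cookies or signing in from another computer shows no seal until one is created there.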
