By default, you can login to Yahoo using just a username and password. That means that if someone stole or guessed your password, they'll be able to sign into your account! You can protect your account with "two-factor authentication", which forces you to supply two pieces of information when you login to Yahoo from a web browser or mobile device for the first time: in addition to your account password, you'll have to verify a security code sent as SMS text message to the cell phone number you provided, or talked to you as an automated phone call. You can also get your verification code sent to one of the alternate email addresses you added to your account. Yahoo calls this feature "
two-step verification". Since you go through the same sign-in form to log into your Yahoo profile or to Yahoo Mail to check your emails, two-step verification protects your entire account!
Quick Steps to turn on two-factor authentication in Yahoo:
From a regular web page on a Yahoo website, move your mouse above your username, near the top right corner of the page, and click on the "Account Info" link - if you don't see it, login to your Yahoo account. If you are signed into Yahoo Mail, mouse over the gear icon, also near the top right corner of the page, and choose "Account Info" at the bottom of the dropdown. If you're prompted to enter a password, do it - it's just a security measure.
A new browser tab may open, so make sure that it isn't blocked by your popup blocker. (Tip: in Internet Explorer, you can temporarily override your popup blocker by holding down the Ctrl and Alt keys while clicking on a link!) Click on the "Account Security" section in the left pane. Your security options will load on the right. The very last setting is labeled "Two-step verification", and includes a switch - much like the options on an iPhone or Android smartphone:
Click or tap on the switch to enable two-factor authentication for your account: depending on the information you've added to your account, you may get one popup or another. Pictured left is the one we got, since we've added a cell phone number to our account.
Enter the phone number you'd like to use for authentication, including area code (the pre-populated country at the top comes from the one you supplied when you created your Yahoo account - make sure that it matches your phone!) Click "Send SMS" to get a security code by text message, or click "Call me" to have one read to you instead - wait for the call or text message.
Enter the security code in the text box, and click "Verify": if all went well, you'll get a "
Success! You've enabled two-step verification" confirmation message. Otherwise, double-check the code you just entered and retype it if needed, or request a new security code or phone call.
Notice that the confirmation popup also includes a "Create app passwords" button at the bottom: this is designed for Yahoo-related mobile apps (and apps that required logging into Yahoo) which do not support two-factor authentication. By creating an app password for each of these applications, you can keep using them, while enjoying the extra protection. Click on the button to proceed, or click "Skip for now" to do that another time.
Note: this feature is also available for other popular online services; learn how to setup two-factor authentication for your Facebook account, or your Microsoft Hotmail / Outlook.com account. When it comes to desktop email programs like Microsoft Outlook, Windows Live Mail, or Mac Mail, you just need to include the Yahoo Mail server settings and supply your email address / password.
If you no longer want to use two-factor authentication, follow the same steps: click on the gear icon, click "Account Info" in the dropdown, and select your "Account Security" settings on the left. This time, the switch on the right will be green (meaning that it's "
turned on"). Click on it once to turn it off. You'll receive a "
Two-step verification deactivated for your account" confirmation email. Whether you enabled or disabled the feature, you'll need to manually log out of Yahoo (Mail) to see the change: