You can add two-step authentication to your Yahoo account (and Yahoo Mail) to add a layer of protection to your account. Yahoo calls this feature "
second sign-in verification". Once you add a cell phone number to your account, it can be used to reset your password, and for two-factor authentication the first time you login to Yahoo from a particular desktop or mobile web browser. Like two-step authentication in Hotmail / Outlook.com or "login approvals" for Facebook, the feature relies on cookies: the first time you login to Yahoo from a particular browser, and confirm your identity, Yahoo will "remember" it (until your clear your cookies). This prevent anyone from logging into your account, even if they know its password!
Quick Steps to add two-step authentication to your Yahoo account:
Log into the Yahoo account you wish to protect: if the page you're on shows a gear icon near the top right corner of the screen, mouse over it and choose "Account Info" from the dropdown menu. Otherwise, click on your username, also displayed in the top right corner of the page. Yahoo will open your Account page in a new window / browser tab, so make sure that it isn't blocked by your popup blocker; if asked for your password, enter it. Scroll down to the second section, "
Sign-in and Security", and click on the "Set up your second sign-in verification" link:
On the "
Protect your account" page that loaded, click on the "Get started" button. You will now have the choice to use the cell phone number you've already added to your account, or to use a new one. Click "Use current phone" to proceed with the existing one, or "Add new phone" otherwise:
You are just about finished: you'll get the "Generate app passwords" popup, to use second sign-in verification for mobile apps that don't support it, like the iOS Yahoo Mail app (iPhone / iPad / iPod touch), Android Mail, or Outlook for Windows Phones. If you use -or plan on using- any of these apps, click on the "Generate password" button; otherwise, click "Skip for now":
Security Verification" screen will let you choose a method of verifying your identity: an SMS text message to your mobile phone on file, a verification call to it, or a message sent to an alternate email address. Make your selection, enter the verification code, and click Submit:
Note: this is the same screen you'll see whenever you try to login from a web browser you haven't used in the past. The more verification methods you've added (email, cell phone numbers), the easier the second-step verification is, since you can choose whichever's more practical at the moment.
Now that you've verified your identity, you can generate app passwords from the "
Protect your account" page (the one we just came from). Just click on the "Generate app password" link, and type a descriptive and easy-to-remember mobile app and/or device name on the next screen. In our case, we'll call it "
Yahoo Mail for iPhone" - then, click "Generate password":
Yahoo will now give you a long, custom password: write it down somewhere safe, and enter it the next time you get asked for the app password (you'll only need to enter it one time, for verification).
The next time you sign into your Yahoo account from a new web browser, you'll get the standard login form: just enter your Yahoo ID / email address and your account password, and click Sign In.
What happens next is what differs from the standard login process: instead of being redirected to the Yahoo homepage or your Yahoo Mail inbox, you'll see the verification screen shown below. In our case, we picked to have a security code sent as SMS text to our iPhone (pictured on the left screenshot). Once you've entered the matching code, you'll be signed into your account. Unlike some other websites or web apps, Yahoo will automatically remember the web browser in question - make sure to manually logout from your account when you are done if this isn't your computer!
To cancel two-step authentication for your Yahoo account, go back to gear icon > Account Info > Set up second sign-in verification: but this time click on the "Turn off second sign-in verification" button. Realize that you will no longer get that extra protection, so be extra careful when signing in: