After Gmail, Hotmail and Facebook, Yahoo is adopting two factor authentication to protect users from account hijacks where the attacker gains access to the victim’s account using stolen password. When a Yahoo account is protected by the new Second Sign-in Verification feature, a mobile phone number is associated with the account through which the user has to verify his or her identify before it can login to their account. This prevents a hacker from gaining entry into the victim’s Yahoo account even if the password is compromised.
To enable second sign-in verification, login to your yahoo account and go to your Yahoo Account Info. Under Sign-In and Security, you can find the Second Sign-in Verification link. Click on it and follow the steps during which you will required to add your mobile phone number and subsequently verify it by entering the confirmation code sent to your cell phone by SMS.
Once the feature is turned on, any suspicious account sign-in attempt will be challenged by a second sign-in verification beyond the initial password validation. To confirm the legitimacy of the sign-in attempt, you or the hijacker will have to answer your account security question or enter a verification code that will be sent to your mobile phone. Only the legitimate user with access to the mobile phone can sign in. Account hijackers will be blocked since they neither know your security answer nor possess your mobile phone.
This feature is currently being rolled out users residing in the United States, Canada, India, and the Philippines. The rest of the world can expect to have it by March 2012.