Yahoo, still an awful company
Today I had to speak to Yahoo Customer Support for my parents. They forgot their Yahoo mail password yet its saved on their iPad. Worst experience ever, with any customer support.
Firstly, I had to wait three hours to even speak to a rep. And the customer service line says 'your call may not be answered today.' Ridiculousness!
The rep wouldn't even give me her name or employee number to report her. She basically said if we don't know the answer to the secret questions, we can't get the account back. I told her that we would fax photo identification, social security card, etc if necessary to prove the ownership of the account. Additionally, I let her know that we still had access to the account via the iPad mail yet didn't know the password. She actually would not transfer me to a manager or even give a name. Her exact words were "I'm the only one here. Goodbye." and then hung up on me. For a company trying to beat Google, I cannot believe I had to put up with this shit. Seriously, Yahoo is an awful awful company.
I don't know what to do next. My parents run a business and the Yahoo email is necessary for their business. I cannot believe how unprofessional Yahoo is and furthermore uncaring.
Any ideas?
25 comments
[ 2.9 ms ] story [ 58.0 ms ] threadI'd approach this in the following way:
- Sign up for an account with a company that specializes in email. I use Fastmail myself, but there are (many!) others.
- Purchase a domain relevant to their business and set up an email on that. joe@momandpop.com, that sort of thing.
- Update whatever refers to the old address (websites, flyers, business cards etc.) so if this happens again, you can switch providers but keep the same email address.
- Get a decent password manager application, and teach your parents to use it. I just use Emacs + ccrypt to store my secrets; they'll probably need a simpler solution but there are many available.
- Continue working on Yahoo! to regain control of the Yahoo! email address, assuming that's still important (e.g. customers will try to contact them on it). Try calling back at different times, email / online chat (if available) or even send a solicitor's letter. Realistically, though, I think that email address is gone for good.
If there's one important lesson to learn from this, it's that important email addresses should be on a domain you control, not .yahoo.com, .google.com, etc. etc.
No there doesn't. Yahoo has no way of knowing that you are actually the owner. Nor are they obligated to go out of the way to verify ownership (which would pretty much require in-person verification, and be expensive, and even then that only works if the user signed up with personal information matching their real life identity).
> They forfeit their online identities?
Yes, that is how online accounts work. If you don't like it then use a more expensive email service with such features, or take better care of your passwords by writing them down. If things were ran your way, everybody's email would be accessible to every little Mitnick crawling around out there.
See here: https://www.google.com/search?q=XYMCOOKIE+authentication
That being said, other than Yahoo taking a long time and being potentially rude, they did the right thing. If you don't have the password and can't answer the security questions and or don't have access to the recovery email address then yes you will lose full access. Otherwise, what would stop someone else from comprising someones account? Photo ids and other documents can be faked and or stolen. My 1Password holds all my passwords but if someone was able to do what you desire they could potentially gain access to my email account and then do password resets on my bank accounts and all other accounts and take over everything even without my 1Password accounts. (well I use 2 factor for most but you get the idea).
Now if Yahoo did give you access without providing a password or answer to security questions then yes that is a big security issue.
Once again, still sucks for your parents though. And if really important I imagine you can just jailbreak the iPad and their are ways to see save passwords assuming they saved it on their ipad in mail app or another app possibly. Or if they have a Mac it would be in Keychain.app.
I have used chralesproxy[1] to do something similar, but you might want to try proxy.app it was just mentioned here on HN a couple days ago[2]
1: http://www.charlesproxy.com/ 2: https://news.ycombinator.com/item?id=7777807
Anyho, I did end up writing a Theos Mobile Substrate tweak to syslog SSL communications and it turns out Yahoo authenticates via a XYMCOOKIE only usable with SMTP and IMAP. So pretty useless for actually logging into yahoo.com
Here's the theos code if anyone else wants to log SSL on their jailbroken device: http://pastebin.com/K6nDG39Y
This is exactly the conversation I have with clients in this sort of situation: "You shouldn't be using Yahoo, or any other free email service, for your business email. Even if we could solve this problem now, you're going to have another problem later on. We need to set you up with a proper, professional email address, you will have to send out a short update to your contacts announcing the new email address, you'll have to update your website and any other business materials, and for a while, you'll have to forward all of your Yahoo mail to your new email address.
I know this sounds expensive and sounds like a lot to have to do right now, and it is, but I don't provide Yahoo support for free, and you're better off getting this fixed now rather than putting it off and having to do it another day anyway. I'll be happy to help you with all of this."
If somebody, whether family or client or otherwise, uses Yahoo or Gmail or Hotmail (or outlook.com or whatever the heck it is now), I'll make one good faith attempt to resolve their trouble, and then after that I simply don't care anymore. They're using a stupid service, and that's their problem, not mine, and I'm not going to grow another gray hair over it.