Yahoo Account

Use a strong password

As with everything, make sure you use a strong unique password for your email account.

• Use 2-Step Verification
• Sign in to your Account Security page.
• Next to “2-Step Verification,” click Turn on 2SV.
• Click Get started.
• Select Authenticator app for your 2-step verification method.
• • To see this option, you’ll need to have at least 2 recovery methods on your account.
• Click Continue.
• Scan the QR code using your authenticator app.
• Click Continue.
• Enter the code shown in your authenticator app.
• Click Done.
• Sign in with 2-step for authenticator app
• • Sign in to your Yahoo account with your password.
• • Enter the code shown in your authenticator app.
• • Click Verify.

Remove Recovery phone/email

Don’t use a recovery phone or email. If an attacker steals your mobile number through a SIM swaps or gets access to your recovery email, they can use it to get access to your Yahoo account through this recovery function.

From a web browser:

• Sign in to the Yahoo Account Security page.
• Click Edit next to the verification option you want to delete.
• Click the Edit icon next to the recovery option you want to delete.
• Click Remove from my account.
• Follow the on-screen prompts to confirm the deletion.

From most Yahoo mobile apps:

• In the upper left, tap your Profile icon.
• Tap Manage accounts.
• Tap Account info.
• Tap Security Settings.
• Tap Edit next to the verification option you want to delete.
• Tap the Edit icon next to the recovery option you want to delete.
• Tap Remove from my account.
• Follow the on-screen prompts to confirm the deletion.

How To Recognize a Hacked Account

Some applications can link with your Yahoo account to provide access. You should review 3rd party applications that are linked to your account, and any permissions they might have. Remove unused applications, and exercise caution when authorizing new applications access to your account.

If you think someone is trying to access or take over your account, there are some important steps you need to take to secure your information. Know the warning signs and what to do if your account has been compromised.

Signs of a hacked account

• You’re not receiving any emails.
• Your Yahoo Mail is sending spam to your contacts.
• You see logins from unexpected locations on your recent activity page.
• Your account info or mail settings were changed without your knowledge.

Review your Yahoo Mail settings

Hackers may change the settings in your Yahoo Mail account to disrupt your inbox or get copies of your emails. Check some of the most commonly changed settings to make sure none of your info or preferences were changed without your knowledge.

• Email filters - Check to see if new filters have been created.
• Sending name - Confirm your sending name has not been changed.
• Email signature - Confirm your email signature has not been changed.
• Reply-to address - Make sure replies to your emails are going to the right inbox.
• Send-only address - Check to see if a Send-only address has been added or changed.
• Vacation response - Check to see if any unfamiliar automatic replies have been set up.
• Default sending address - Confirm the address that pre-populates in the “From” field is right.
• Blocked addresses - Make sure there aren’t addresses blocked that you want to get email from.
• Auto-forwarding address - Make sure your email isn’t being forwarded to any unfamiliar email addresses.

Sign in Settings

Avoid saving passwords to your Yahoo account and using it as password manager. Avoid signing in with Yahoo. Rely on a separate password manager instead.