At 15:02 2016-12-17, mbsoftwaresolutions@mbsoftwaresolutions.com wrote:

On 2016-12-16 18:19, Alan Bourke wrote:

...

Two factor authentication. Everyone's doing it.

Is that two though? Isn't the phone confirmation just 1-factor? He didn't enter a password on the computer (and I don't think this is listed as a 'trusted/safe' device).

Borrow your stepson's phone and find out.

If possession of the phone is enough, that is a nasty vulnerability.

I do not have a cell phone myself. I rarely need the functionality. I occasionally borrow someone's to make a call. Who would be willing to if it means I could get into his Yahoo! account?

Sincerely,

Gene Wirchenko