Password Security compromised by Oath and Yahoo new Privacy Terms?

Archive
1

Oath has blocked my Yahoo email account, and notified me it requires my consent   access my device and use my data to understand my interests and provide me with personal ads.' My concern is that if I give access to my computer, this may compromise Password Manager Security , since I leave the Vault open for long periods in the day.


 

 

 

2

Sir, thanks for your comments.However my situation is somewhat different from what you describe in your post. I should be grateful for advice going forward:

(1) My browser is Internet Explorer,so the vault does not automatically close-indeed it is open all day usually.

(2) I don't understand why a provider who has consent to access my devices, should be in violation with the law, when he does so.

(3) The browser is not breaking in to a vault [NPM] that is lying open.

(4) I don't see why Norton will block an intrusion when I have given Oath consent to access my devices.

(5) Also it doesn't seem to notify me any more of individual attempts to intrude-it may have been set to not notify me , following some problems I had previously.

(6) I don't know weather TLSV1.0 is relevant on my systems-how would I find out?

(7) My vault password is the same as my Norton account password-this came about because  the vault would periodically require this alternative, to open. So it follows that my vault and Norton Account password ,being the same are indeed shown on Symantec software , in the vault listing in Password Manager.

(8) Finally I eventually signed Oath's consent-because I had so much stuff in my mailbox.

(9) Passwords don't seem as important when the vault is lying open all day.

Please let me have your opinion, going forward, about how I should proceed from here.

3

Did you read their "terms" ? There isn't anything per se to "justify" stating Yahoo isn't asking for "physical access" to their customer machines. They aren't. Every website out there uses cookies which most browsers allow on at least a "per session" basis and those are deleted once the browser is close. The browsers Norton supports, with the exception of IE will automatically close the vault when the browser is closed. I might add. It is seriously in violation of many laws for a provider to ask for and even attempt to implement physical access to any system with or without consent.

No browser is going to break into NPM as the encryption used will not allow for it. Norton will also block every intrusion coming from the outside world and notify you regardless. Another note is if you have TLS v1.0 enabled on your systems disable it as it is vulnerable. Please read this article. Quoted from that article:

Norton Password Manager uses industry-standard AES encryption and TLS secure connections to your browser to help keep your vault data private.

Your vault password is the only key able to unlock your vault data, and your vault password is never sent or stored anywhere - not to any file or website and not to Symantec's own systems.

Norton Password Manager uses your vault password to immediately encrypt all information that gets stored in your vault.

Some time ago, I believe in 2017 OATH took over the infrastructure of Yahoo and AOL. As Verizon customers were migrated over to the AOL infrastructure it was made clear by their representatives there were no longer supporting the Verizon.com e-mail on their infrastructure and moving those accounts over to AOL servers. They, Verizon, as that single entity, not their acquisitions were not in that business model any longer. Yahoo, is nothing but a train wreck in my view customer should steer clear of. Migrate and move on from. Any company who waits more than 2 years to make public a data breech as huge as was with Yahoo, I must ask. Why in the world would anyone remain on their services? Yahoo itself and how they handle your data should be the first order concern. You as the end user have FULL CONTROL through their security dashboard over what software, etc. you wish to give permissions to automatically download which would otherwise do so without your consent.

In a nutshell: You passwords will NOT be compromised. YOU as the end user are responsible for maintaining your systems with patching and other updates to prevent the use of known vulnerabilities. If the end user has done so the chances of a compromised system are far less.

Cheers

4

Norton fighter-what is your justification in saying that 'Yahoo is not asking for "physical access" ?-it seems that by signing I am technically granting this.So my Password Vault security is being compromised, in that it is open all day.?

Also it appears to me that Verizon rather than "getting out , of the e-mail business"-are seriously trying to improve their profits?.

 

5

"their massive breach some time ago..." 

Sooo true.  Yahoo is such a trainwreck...

6

Yahoo isn't asking for "physical access" to their customers devices, just access to the messages, etc you are sending on their servers for the sake of targeted ads. As a Verizon customer, aka Oath, I haven't seen nor agreed to any notifications regarding what you are stating. I also do not have a Yahoo account for security reasons, aka their massive breech some time ago. Their terms are viewable here. You can opt out of their targets ads and the BS arbitration issues they are presenting to end users. Follow the links in the article posted. Bottom line is, Verizon whom owns Yahoo are in a serious mode of getting totally OUT of the e-mail support business. I WOULD migrate all my Yahoo data, messages and other files then move on from them to a better e-mail client. Save yourself the headaches.

Cheers