Yahoo Mail
https://mail.yahoo.com/| Recommended Configuration | Proprietary; Email; SMS |
|---|---|
| Alternate Configuration 1 | Email; SMS |
| Alternate Configuration 2 | |
| Alternate Configuration 3 | |
| Account/Password Recovery | PR SMS; PR email |
| Remarks | automatic SMS backup signup using phone number on file; automatic email backup signup using email on file; 1-step login (via notification, OTP via SMS, OTP via email) enabled if proprietary app 2FA is selected |
| Responses |
Notified on January 11, 2020. Closed on January 12, 2020; did not understand vulnerability with authentication policy. |
