Yahoo Moves Forward With Account Transfer Plans, Lets Users Make ID Wishlists
Last month, Yahoo announced its plans to deactivate inactive accounts, and give some more desirable Yahoo IDs and email addresses to loyal users who want them. The thinking is that users will be able to get things like email@example.com rather than firstname.lastname@example.org.
Yahoo has been around so long, and so many people who signed up for it years ago have since moved on to other services, and never use their Yahoo accounts anymore. Yahoo wants to let the people that actually do use their accounts have the good IDs.
Yahoo announced today that it is now letting people create their “wish lists” to get the names they want. Next month, they’ll let users know if they got what they wanted.
You can fill out your wish list here. You can request your top five choices. If Yahoo determines that it can’t give you your first choice, it will try one of your backups. Then, in mid-August, it will snd you an email letting you know which of your choices are available, and give you a link to claim it. You’ll have 48 hours to do so.
Yahoo’s plan has drawn some criticism due to security concerns. One noted security expert went so far as to call the whole thing “moronic”.
Today, Yahoo announced that it will be working with partners like e-commerce and social networking sites on identifying that people are the new owner of a Yahoo username, and not a previous one.
Yahoo’s Bill Mills describes the process in a blog post. He writes:
I wanted to share one measure we’re taking to protect the privacy of our users who had an e-mail address that may be re-used, which is a very small percentage of the accounts that we will be recycling. We encourage anyone using e-mail to communicate with their users, especially for e-commerce and recovering their accounts, to adopt this measure to ensure the security of their users.
To communicate that a username has a new owner to e-commerce sites like “JoesAntiques.com,” or social networking sites like Facebook, we’ll allow them to “ask” for a new type of validation when sending an email to a specific Yahoo! user. The field, which can be requested via an email’s header is called “Require-Recipient-Valid-Since.”
We feel that our approach, which we’ve worked on with our friends at Facebook, is a good solution for both our users and our partners.
According to Yahoo, if a Facebook user with a Yahoo email account submits a request to reset their password, Facebook would add the Require-Recipient-Valid-Since header to he reset email, which would signal to Yahoo to check the age of the account before delivering the mail. If the “last confirmed” date that Facebook specifies is before the date of the new Yahoo username ownership, the email will not be delivered and will bounce back to Facebook, who will then contact the user by other means.
“This example illustrates how Facebook will do this – others will have their rules for determining their age requirement for the recipient / receiving account,” says Mills.
This, he says, is a new standard being published with the IETF, and Yahoo will be working with partners to implement it. Other email providers can also adopt it, Yahoo suggests.