Protecting Your Yahoo Mail With 2-Step Authentication

Keep your personal information safe with two levels of security

Two-step authentication protects your Yahoo email account against suspicious login attempts and hacking. Despite the method's sophistication, Yahoo makes enabling it quite easy.

About Two-Factor Authentication

Two-factor authentication (2FA), also called two-step authentication, is a security protocol that requires two methods to gain access to an application or program. For example, your bank's website might require more than a username and password; you might also be prompted to identify a picture that you chose previously, to prove that you are who you claim to be. Alternatively, some sites such as Yahoo require authentication on a separate device, such as your phone. This extra layer of security is for your protection.

1:08

Protecting Your Yahoo! Mail with 2-Step Authentication

How Secure Is Your Email at Yahoo?

The Yahoo Mail service checks the password when somebody attempts to log in to an account; it also looks at the location and computer from which the attempt is made. If one looks suspicious (for example, a login from a device you've never used before), it can require more than the password, but only if two-step authentication is enabled.

When two-step authentication is enabled, you must enter not only your password, but also a code sent to your cell phone. Your Yahoo Mail account is then as secure as your password and access to your mobile phone.

For a similar degree of security, Yahoo Mail also offers Access Key logon using a mobile app.

Protect Your Yahoo Mail Account with 2-Step Authentication

To add a second layer of authentication for suspicious log-in attempts, log in to your Yahoo Mail account, then:

  1. In the upper-right corner, select your Account icon.

    A Yahoo Mail inbox with the Account icon highlighted
  2. Select Account Info.

    A Yahoo Mail inbox with the Account Info button highlighted
  3. Select Account Security.

    Yahoo Mail account info page with the Account Security tab highlighted
  4. Turn on the Two-step verification toggle switch.

    If Yahoo Account Key is enabled (like for Flickr), turn it off. Account Key isn't compatible with two-step verification.

    Account Security page for a Yahoo Mail account with the switch for Two-step verification highlighted
  5. When prompted, enter a mobile number. Then, choose either Send SMS or Call me to receive an authentication code.

    When entering your mobile number, leave out any non-numerical characters. For example, enter 1234561234 rather than 123-456-1234 or (123) 456-1234.

    Mobile number and text/call buttons to set up two-factor verification in Yahoo Mail
  6. Depending on the method you chose, you'll receive a text or phone call with the verification code. Type the code into the dialog box that appears onscreen after you choose the method of contact, then select Verify.

    Enable two-step verification window in Yahoo Mail with the Verify button highlighted
  7. If the numbers match, a success dialog box appears with options to Create app passwords for apps that don't recognize or use two-step authentication. Or, choose Skip for now to skip this process.

    Two-step authentication will not apply to Yahoo Mail accessed using POP, mobile devices, or IMAP. For these, create application-specific passwords.

    Two-factor verification success screen on Yahoo Mail with "create app passwords" and "skip for now" buttons highlighted
  8. From now on, you'll be prompted for an authentication code when logging in.