Yahoo's two-factor authentication combines a password with a security question or a verification code sent to the user’s mobile phone.
Users who want to activate the two-factor authentication can do so through the Yahoo Account Info page.
“Once the feature is turned on, any suspicious account sign-in attempt will be challenged by a second sign-in verification beyond the initial password validation. To confirm the legitimacy of the sign-in attempt, you or the hijacker will have to answer your account security question or enter a verification code that will be sent to your mobile phone”, Andy Wu, product manager for Yahoo membership, explained in a blog.
“This second sign-in verification step acts as an additional, stronger 'beyond-the-password' challenge against any unauthorized access attempt. And our systems are also capable of other refinements to accomplish our ultimate goal: to block all account hijackers from accessing Yahoo! accounts”, he added.
The two-factor authentication feature is currently available to users residing in the US, Canada, India, and the Philippines, with the feature extending gradually to all worldwide users by March 2012.
In February, Google began offering two-factor authentication for its Gmail users; Facebook followed in April.