Yahoo Explains How It’s Making All Its Properties More Secure

Last fall, Yahoo announced that it would turn on SSL/HTTPS encryption for Yahoo Mail this year, which it did in January. The following month, they added it to Tumblr. Yahoo has now posted an update on...
Yahoo Explains How It’s Making All Its Properties More Secure
Written by Chris Crum
  • Last fall, Yahoo announced that it would turn on SSL/HTTPS encryption for Yahoo Mail this year, which it did in January. The following month, they added it to Tumblr.

    Yahoo has now posted an update on its ongoing encryption efforts.

    It says that traffic moving between the company’s data centers is now full encrypted as of March 31st.

    In addition to the aforementioned change to Yahoo Mail, they enabled encryption of mail between its servers and other mail providers that support the SMTPTLS standard in the last month.

    The Yahoo Homepage and all search queries that run on it, as well as most other Yahoo properties now have HTTPS encryption enabled by default.

    Yahoo implemented “the latest in security best-practices,” it says. This includes supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for global properties like Homepage, Mail and Digital Magazines. They’re currently working to bring all Yahoo sites up to this standard, the company says.

    Yahoo users can also now initiate an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance and Good Morning America on Yahoo by typing “https” before the site URL.

    The company says a new, encrypted version of Yahoo Messenger will be deployed in the coming months.

    “One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure,” says Chief Information Security Officer Alex Stamos. “Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem.”

    Yahoo says the goal is to encrypt its entire platform for all users all the time by default. They’ll also be implementing additional security measures like HSTS, Perfect Forward Secrecy, and Certificate Transparency over the coming months.

    Image via Yahoo

    Get the WebProNews newsletter delivered to your inbox

    Get the free daily newsletter read by decision makers

    Subscribe
    Advertise with Us

    Ready to get started?

    Get our media kit