Yahoo has pulled some shady shit with how you sign in to email from Apple devices

zcutlip@hachyderm.io

Yahoo has pulled some shady shit with how you sign in to email from Apple devices

So my mom tells me she can't get email from any of her devices. Turns out Yahoo had signed her out everywhere: Mac, iPhone, iPad. I had to help tet her signed back in on everything

It turns out they've broken the sign-in process in the following ways. Note this is *entirely* in the native account sign-in flow in Settings:

- They've somehow broken password managers in the webview so 1Password won't fill username/password. You have to switch back & forth copying/pasting
- They've broken #passkey support here as well, I'm guessing due to whatever they did to break password managers. So you get downgraded to a less secure 2FA mechanism like SMS
- And here’s the kicker: they're injecting a super aggressive interstitial in the sign-in WebView that tries to trick you into downloading the Yahoo Mail app instead of signing in to Mail.app

There's literally no way my mom could have navigated this. She 100% would have ended up installing an app she doesn't need because Yahoo told her to and because Apple Mail was "broken." I obviously don't *know* what's behind the forced sign-outs and the breaking of password managers and passkeys, but given the aggressive upselling of the Yahoo app, it really seems intentional

cc @rmondello because passkeys