Back to Guides/Tutorials
yahoo

How to bypass 2FA on yahoo in 2022

Yahoo has increased their security on accounts. It’s becoming harder and harder to crack accounts. We’d imagine that carders like yourself are having issues with logging in as well.

If you aren’t having issues using yahoo after October 15 2021 up until now, then good job, you already know how to use accounts on websites with higher security.

Ok, but first of all we are going to start off by clearing up some misconceptions. Most of the time if you’re getting 2FA, the account isn’t dead by any means.

When we spam accounts the tool we use after obtaining the data tells us which accounts have 2FA and which do not.

It only flags the login as valid, if it actually logs in and loads the mailbox. 

So, when you’re buying logs from our shop and you’re getting 2FA, something you are doing is what’s actually triggering yahoo’s website security.

There is a noticeable difference between 2FA triggered by security and 2FA that is set by the account owner.

The way to tell the difference between 2FA triggered by security and 2FA the account owner set up is whether or not you’ve entered a password.

Example 1:

You type the email, hit enter, and the next screen pops up to enter the password, and after you do so, then you get 2FA. That account is more than likely salvageable as the triggered security is due to your action.

Example 2:

You type the email, hit enter, and 2FA pops up without any chance to enter the password.

That’s 2fa from the account owner and this email-log is dead and we will NEVER sell these logs in our shop while stating they come with a valid email.

If the log has 2FA from security. Good news! The log is by no means dead. Give it a few hours and try again while following the guidelines you’ll read about in a moment. With that out of the way, here is how to never trigger security aka 2FA in the first place.

1. Never use the same IP on more than 2 yahoo accounts.

Using the same IP is a huge red flag for yahoo’s security, think about it, wouldn’t it be weird to have an account that has the same 2-3 IP’s logging into it for years and suddenly have these other new IPS logging into it, all within a short timespan?

We say 2 different IPs because the proxy used to crack the account also counts.

2. Between each login clear your cache & cookies using a premium CCleaner 5 Pro that you can download from Mega for free (clean nulled version).

The way a website keeps you logged in after you close out a browser is via cookies.

They’re encrypted strings of text that is sent to the server of the site you’re connecting to that lets it know you were already logged in, and to load up your account. 

Not clearing these between logins makes yahoo’s security suspicious of the traffic.

Think of yahoo’s security like test. It has all of these things it watches out for and every time you do one of them you get points added to your score.

With the yahoo’ s test in place, you don’t want any negative points. The more negatives that you have the worse you’ll score on their test. After a certain threshold of negative points are met, yahoo’s security will force a 2FA check on its account holder.

3. Use firefox and this addon https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/

4. Type the username and password.

5. 911.re is good you can also try using https://dichvusocks.us their proxies are computers in a botnet, so they’re residential IPs and not a generic datacenter ones with a low score. 

If at all possible, invest in a https://luxsocks.ru/ account, that’s gold standard for proxies.

PLEASE NOTE: We are not affiliated with any of the links we mentioned in this blog , they are mentioned purely for your ease and the fact that we use those ourselves, are we vouching for those? The short answer is “NO” they are just mentioned because they are relevant to the method at the time of posting the article, by all means you should do you own research, with that said let’s get onto next (number 6) point.

6. Don’t load https://mail.yahoo.com/ to login, google the word yahoo and open a link from google to yahoo. 

This sets specific cookies that tell yahoo where you loaded their url from and this lowers the chance of yahoo thinking you’re a bot.

7. Avoid using the app. Like we mentioned earlier, yahoo is using a technique called browser fingerprinting to identify you and flag accounts you login to. 

The only way you’re able to avoid that on mobile is by using different browser apps or using a rooted device and spoofing things like device model, and android version. 

It is always preferable to use a PC/laptop and you’ll find that working in your favor to avoid Yahoo 2FA, we have tested the steps above time and time again.

Comment (1)

  • deborah zielke Reply

    i would like to get on my yahoo.com

    May 25, 2022 at 8:55 am

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Guides/Tutorials