- Thread Author
- #2
Back at it again with the threads Pepeclap
Make sure to leave a like for Pepo and help me reach Contributor!
[HIDE] I'm gonna start off by clearing up some misconceptions. Most of the time if you're getting 2fa, the account isn't dead by any means. When I crack accounts the tool I use tells me which accounts have 2fa and which do not. It only flags the login as valid, if it actually logs in and loads the mailbox... So, when you're buying my logs and you're getting 2fa, something you are doing is triggering yahoo's website security.. There is a noticeable difference between 2fa triggered by security and 2fa that is set by the account owner. The way to tell the difference between 2fa triggered by security and 2fa the account owner set up is whether or not you've entered a password.
Example 1: You type the email, hit enter, and the next screen pops up to enter the password, and after you do so, then you get 2fa. That account is most likely salvageable as you triggered security.
Example 2: You type the email, hit enter, and 2fa pops up without any chance to enter the password.
That's 2fa from the account owner and the log is dead.
If the log has 2fa from security.. Good news! The log is by no means dead. Give it a few hours and try again while following the guidelines you'll read about in a moment.
With that out of the way, here is how to never trigger security aka 2fa ever again.
1) Never use the same IP for more than 3 accounts
Using the same IP is a huge red flag for yahoo's security. I mean think about it, wouldn't it be weird to have an account that has the same 2-3 ips logging into it for years suddenly have at least 2 different IPs logging into it, all within a short time span?
I say 2 different IPs because the proxy used to crack the account also counts.
2) Between each login clear cookies
The way a website keeps you logged in after you close out a browser is via cookies. They're usually encrypted strings of text that is sent to the server of the site you're connecting to that lets it know you were already logged in, and to load up your account. Not clearing these between logins makes yahoo's security suspicious of the traffic. Think of yahoos security like test. It has all of these things it watches out for and every time you do one of them you get points added to your score. Unfortunately, with this test, you don't want any points. The more you have the worse you've failed the test. After a certain threshold of points is met, yahoo's security will force a 2fa check.
3) Use Firefox and this add-on https://addons.mozilla.org/en-US/firefox...asblocker/
When you login to a website it can gather a lot of data about you via java script. Things like the resolution of your monitor, the size of the browser window, pixel density, your timezone, what fonts you have installed and a whole lot more. What they can do with that information is make a "fingerprint". Now it might not seem like it but that fingerprint is most likely pretty unique. There's a lot of computers in the world, and lot of ways to set them up. To learn more about browser fingerprinting, check out https://amiunique.org/, they offer clear explanations on all of the different facets of fingerprinting and live examples showing what your browser tells websites.
4) Type the username and password, never copy paste
5) 911.re is cancer for proxies, try using https://dichvusocks.us it looks like shit but the proxies are computers in a botnet, so they're residential IPs and not datacenter.
6) Don't load https://mail.yahoo.com/ to login, google the word yahoo and open a link from google to yahoo. This sets specific cookies that tell yahoo where you loaded their url from and this lowers the chance of yahoo thinking you're a bot
7) Avoid using the app.
Like I said earlier, yahoo is using a technique called browser fingerprinting to identify you and flag accounts you login to. The only way you're able to avoid that on mobile is by using different browser apps or using a rooted device and spoofing things like device model, and android version. It is always preferable to use a PC.
If you can follow those 7 rules when checking logs, you will never trigger yahoo's security again. Go back and check logs you thought had 2fa. They will still work if you can follow my method.
[/HIDE]
Make sure to leave a like for Pepo and help me reach Contributor!
[HIDE] I'm gonna start off by clearing up some misconceptions. Most of the time if you're getting 2fa, the account isn't dead by any means. When I crack accounts the tool I use tells me which accounts have 2fa and which do not. It only flags the login as valid, if it actually logs in and loads the mailbox... So, when you're buying my logs and you're getting 2fa, something you are doing is triggering yahoo's website security.. There is a noticeable difference between 2fa triggered by security and 2fa that is set by the account owner. The way to tell the difference between 2fa triggered by security and 2fa the account owner set up is whether or not you've entered a password.
Example 1: You type the email, hit enter, and the next screen pops up to enter the password, and after you do so, then you get 2fa. That account is most likely salvageable as you triggered security.
Example 2: You type the email, hit enter, and 2fa pops up without any chance to enter the password.
That's 2fa from the account owner and the log is dead.
If the log has 2fa from security.. Good news! The log is by no means dead. Give it a few hours and try again while following the guidelines you'll read about in a moment.
With that out of the way, here is how to never trigger security aka 2fa ever again.
1) Never use the same IP for more than 3 accounts
Using the same IP is a huge red flag for yahoo's security. I mean think about it, wouldn't it be weird to have an account that has the same 2-3 ips logging into it for years suddenly have at least 2 different IPs logging into it, all within a short time span?
I say 2 different IPs because the proxy used to crack the account also counts.
2) Between each login clear cookies
The way a website keeps you logged in after you close out a browser is via cookies. They're usually encrypted strings of text that is sent to the server of the site you're connecting to that lets it know you were already logged in, and to load up your account. Not clearing these between logins makes yahoo's security suspicious of the traffic. Think of yahoos security like test. It has all of these things it watches out for and every time you do one of them you get points added to your score. Unfortunately, with this test, you don't want any points. The more you have the worse you've failed the test. After a certain threshold of points is met, yahoo's security will force a 2fa check.
3) Use Firefox and this add-on https://addons.mozilla.org/en-US/firefox...asblocker/
When you login to a website it can gather a lot of data about you via java script. Things like the resolution of your monitor, the size of the browser window, pixel density, your timezone, what fonts you have installed and a whole lot more. What they can do with that information is make a "fingerprint". Now it might not seem like it but that fingerprint is most likely pretty unique. There's a lot of computers in the world, and lot of ways to set them up. To learn more about browser fingerprinting, check out https://amiunique.org/, they offer clear explanations on all of the different facets of fingerprinting and live examples showing what your browser tells websites.
4) Type the username and password, never copy paste
5) 911.re is cancer for proxies, try using https://dichvusocks.us it looks like shit but the proxies are computers in a botnet, so they're residential IPs and not datacenter.
6) Don't load https://mail.yahoo.com/ to login, google the word yahoo and open a link from google to yahoo. This sets specific cookies that tell yahoo where you loaded their url from and this lowers the chance of yahoo thinking you're a bot
7) Avoid using the app.
Like I said earlier, yahoo is using a technique called browser fingerprinting to identify you and flag accounts you login to. The only way you're able to avoid that on mobile is by using different browser apps or using a rooted device and spoofing things like device model, and android version. It is always preferable to use a PC.
If you can follow those 7 rules when checking logs, you will never trigger yahoo's security again. Go back and check logs you thought had 2fa. They will still work if you can follow my method.
[/HIDE]
