Yahoo's competitors have supported full-session HTTPS for some time. Google implemented full-session HTTPS as an optional setting in Gmail back in 2008 and at the beginning of 2010 it turned it on by default for all Gmail users. Microsoft added the option in Hotmail in November 2010 and the new Outlook.com webmail service uses it by default.
Facebook and Twitter have had support for full-session HTTPS since 2011 and earlier this year they started enabling it by default for all of their users.
The next important step for Yahoo would be to enable HTTPS by default globally across all of its products and services, Access said.
In the meantime, the EFF will attempt to tweak its HTTPS Everywhere browser extension so that it always turns on HTTPS for Yahoo Mail even if users are unaware that the setting exists in their email options.
Sign up for Computerworld eNewsletters.