yahoo-mail carousel …

pj fisher
  • pj fisher

    pj fisher - 2017-01-03

    this is a tip for others … i am not requesting help.

    while yahoo used to maintain the traditional member-name 'n password 'n "enter" key stacked one below each other (during login) … early 2016, yahoo has since changed their tactic a bit. now the user must enter their member-name and click the "enter" key … whereupon, yahoo refreshes the interface and then asks for password.…whereby that will need to click "enter" as well.

    so … in order to utilize passwordsafe for this interaction … as a result, passwordsafe's default policy may no longer work. here's the parameters that work for me:



    u is for username
    t is for tab
    n is for enter
    W3 is to wait (three seconds)
    p is for password
    n is for enter

    the "w" variable represents a delay indicator. while the lower-case w = milliseconds … the upper-case W = seconds. so, in the above formula W3 … after the user's member-name has been entered/accepted … yahoo refreshes the interface and then asks for password. in effect, we are giving yahoo three seconds to satisfy it's vehicle, before entering password.


    Last edit: pj fisher 2017-01-03
  • MrMe

    MrMe - 2017-01-03

    This is a good tip.

    Actually and Microsoft accounts (for example websites also now operate this way, so this type of sequence work there too.

    Your sequence can actually be simplified to: \u\n\W3\p\n (leave out the \t).

    My preferred sequence for this is actually: \t\s\u\n\W3\p\n

    I start all my autotype sequences with tab followed shift-tab to clear the username field. One reason is that just to make sure that the username field is ready for input I sometimes tap a key or two the keyboard in the username field before sending my autotype sequence. By starting with tab followed by shift-tab the username field gets cleared automatically before the username is autotyped.

    I've also noticed that Yahoo defaults to having the 'stay signed in' checked by default. If you like, from Password Safe v3.41.0 there are new autotype that could be included in the sequece above to clear the 'stay signed in' check box.

  • pj fisher

    pj fisher - 2017-01-04

    thanks for the tip regarding "uncheck stay signed in", mrme … was unaware of that control.

    as for your very first sequence … that was initially what i had come up with. after trying that string two or three times … each time, no cigar. what did happen was the password-value would end up cohabitating with the email-value in the email-field … then i'd be staring at a password-field with no value. not only that … under certain conditions … it would be child's play for a snooper (local machine) to copy that password (part of email-value). however, when i inserted the "t" for tab as in my previous post … the sequence then became valid … and i was off to the races!

    mrme … as to your second thoughts … starting the formula with "t" and "s" … of course, so it would clear out a "default" value or what i call "jabberwocky" (enter your email). until now, my method was just to highlight current or stored value … allowing pwsafe to overwrite.

    in all honesty … it's doubtful i will reconsider adopting your method, mrme … it's got advantages. however, there's serious shortcomings as well. some web-sites (yahoo, aol, google, etc.) occasionally insert linked-images or "click this" toggles before the interface obtains mouse-focus … these administrations tend to "steal focus" from the mouse or pointer-device. veritably, in my own warped imagination … a devious hacker could design his advertisement to harness a succession of three mouse-clicks … those three clicks would be all the values going from pw-safe to the web-client. thanks, but no!

    p.s. the following two images were in reference to my first post … previously, i was unaware allowed attachments … thanks.

    Last edit: pj fisher 2017-01-04
  • MrMe

    MrMe - 2017-01-04


    Not sure why the sequence without the \t doesn't work for you. The sequence without the \t has been working fine for me at,, and for a while now. Could there have been a mistake the first time you tried it? Both sequence will work but once you send \u followed by \n, the \n submit the Username form and \W3 waits 3 minutes before sending the password into the loaded page with the password form having input focus and the final \n submit the password form.

    I find mail (if that is the section of yahoo you are logging into) has a strange behavior where it presents another page to "Re-enter Password" even though you are actually logged in after autotyping the Username and Password. I can actually get to the inbox without actually reentering any password by clicking on the Yahoo Mail link that comes up after clicking on the About Mail link on the page that is asking to re-enter password. Anyway, I've been using yahoo for a long, long time, but with all their recent problems, I'm moving away from it.

    Regarding other websites with linked-images or "click this" toggles, what I would say here is that you are correct that no one method is going to work for all websites, but generally I've found that only slight tweaks are necessary to my default autotype for a few websites. Password Safe also has a great dragbar feature that is another option and works quite well.


  • MrMe

    MrMe - 2017-01-04

    Oops! Meant to say \W3 waits 3 seconds......

  • pj fisher

    pj fisher - 2017-01-05

    valid inquiry, mrme … my yahoo-mail login could be different from yours … this is my yahoo-mail bookmark:
    this occurs on both chrome 'n firefox … i avoid using internet-explorer.

    as to my final comment in my last reply (clicks, etc.) … seems another post has just recently arrived to substantiate my claims/example:

    paraphrasing member "Rich Tomasso" post here:
    " My outlook web login didn't work with autotype either, perhaps because there is a radio input and a checkbox above the username/password, no amount of tabs or other options worked. "

    i have attached screen-shot of yahoo's sanguined protocol.

    Last edit: pj fisher 2017-01-12
  • MrMe

    MrMe - 2017-01-05

    Our yahoo final https URL are the same.

    I believe Rich Tomasso is using "Browse to URL + Autotype". I don't use this feature and would recommend "keeping the human in the loop" by first using "Browse to URL" and when the page has completed loading sending the Autotype where it needs to go or using the dragbar.

    Remember, when "Browse to URL + Autotype" is used, Password Safe is only launching the browser and has no hooks into the browser to know if or when the browser has completed loading the URL. So you would most likely need a \Wn to start off your autotype sequence, where n is a guess as to how many seconds Password Safe would wait before sending the rest of the Autotype string. Then there is also the issue of whether the Username field get the input focus for the Autotype that Password Safe will send when the browser is done loading the URL. As you can see, "Browse to URL + Autotype" can be problematic.

  • MrMe

    MrMe - 2017-01-05


    I had another thought about why the autotype sequence \u\n\W3\p\n might not have worked for you, which is what you said you first tried at sign in. You also said "...what did happen was the password-value would end up cohabitating with the email-value in the email-field..." If there was no error in your autotype sequence, this also sounds like exactly what would happen if the email address is not valid on sites like yahoo, google and microsoft that are using two-page login forms to first validate the username (which is your email address) before loading the password page. When the form with your email is submitted on the first page, if the email is not one they recongnize the next page is not loaded and the password would then autotype right next to the email address after the 3 second delay. So you have to be certain that the email address is correct to avoid this happening.

  • pj fisher

    pj fisher - 2017-01-06


    your last comment hit nail on head, mrme. what i had been inserting was member-name instead of email address. took me a couple minutes to realize / dbl--chk … but, as you first inscribed … your formula is valid … that is, if one utilizes their email address. if one chooses to use their member-name instead … then my method works.

    i also subscribe to your thoughts on browse/autotype. several years ago, i thought nothing of doing this very method … but, then started questioning myself on the security (or lack thereof).

    a'ight sergeant … i will let you get back to your nfl championships … stay cool.

    Last edit: pj fisher 2017-01-06

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks