
Last year when we developed Automatic Organizer, our Yahoo! Mail application, we used Browser-Based Authentication (BBAuth) to connect OtherInbox to Yahoo! Mail accounts. BBAuth allowed Yahoo! Mail users to authorize OtherInbox to connect to their email accounts without needing to give up their Yahoo! passwords.
This was great! It allowed us to connect to Yahoo! Mail accounts and still provide our users the safety and protection of never giving out their Yahoo! passwords. In addition, our users could disconnect from OtherInbox from their Yahoo! Mail settings if they desired.
However, using BBAuth to access Yahoo! Mail accounts proved to have a couple of limitations:
- If the user changed his or her Yahoo! password, the OtherInbox connection was broken.
- We had to create an OtherInbox account for each user. This meant each user had another username and password to keep track of.
Two things happened after our application was created that allowed us to improve the user experience immensely. First, last September, Yahoo! announced support for the OpenID OAuth Hybrid Protocol. This powerful protocol lets Yahoo! users sign in to external sites and allow two-way data sharing, all in one step. This potentially meant our users would no longer need an OtherInbox login.
Second, earlier this year Yahoo! introduced an OAuth API for Yahoo! Mail for all Yahoo! Mail accounts. Now, we could take advantage of the Hybrid Protocol to offer our Yahoo! Mail Organizer users a greatly enhanced experience.
The advantages?
- A user changing his or her Yahoo! password no longer breaks the OtherInbox connection.
- Users can sign in to OtherInbox with their Yahoo! username and password.
For our users, this meant no longer needing to remember another username and password. Because of the Hybrid Protocol, the signup process (and setting up OAuth and OpenID) is completed in just one step.

We also experienced some positive changes. When we used BBAuth, we received many inquiries from our users about how to access their OtherInbox account. We had to create an OtherInbox account for every new user with a unique username and password.
Despite our best efforts, many users would still be confused. Some would try their Yahoo! credentials to sign in to OtherInbox and subsequently get locked out. We would receive 100-200 inquiries like this every month.
After taking advantage of the Hybrid Protocol, these inquiries have dropped to effectively zero. We have also seen some evidence that our deactivation rate has dropped, especially amongst new users who have had Organizer installed for less than 30 days.
Overall, we believe switching to OAuth and OpenID allows us to provide our users a far superior experience and provides us with a product that will have higher conversion and retention rates.