Passwords: easily forgotten, but also easily guessed. It’s a bitter irony that minutes can be spent racking brains trying to remember whether a required security question answer is a pet’s name, first school or place of birth – meanwhile a cyber-criminal is merrily typing in a person’s favourite colour and relieving bank accounts of hard-earned wages.
Well, now Yahoo might have made the process easier – at least when it comes to accessing email.
The Californian tech giant is rolling out “on-demand” email passwords, based around phone notifications, and eliminating entirely the need to memorise a fixed password.
Yahoo Mail now offers a service similar to “two-step verification”, a security measure employed by other email providers, but the difference is the removal of the first step.
The password system is opt-in and can be accessed from Yahoo Mail’s landing page. Photograph: Yahoo screengrab
Two step verification works by a user logging in with their usual fixed password, after which the email provider sends a unique code to their mobile phone, which is then entered on the login screen, allowing the user to access their email account.
Yahoo’s new security process will remove the need for users to enter a fixed password first, and instead just send a four-letter password to a user’s phone via text.
Unveiling the service at the South by Southwest festival in Austin, Texas, Yahoo’s vice president of product management for consumer platforms Dylan Casey said: “This is the first step to eliminating passwords. I don’t think we as an industry has done a good enough job of putting ourselves in the shoes of the people using our products.”
A blog post written by the company’s director of product manager, Chris Stoner, explains the steps:
1. Sign in to your Yahoo.com account.
2. Click on your name at the top right corner to go to your account information page.
3. Select “Security” in the left bar.
4. Click on the slider for “On-demand passwords” to opt-in.
5. Enter your phone number and Yahoo will send you a verification code.
6. Enter the code and voila!
The “on-demand” password service is opt-in and currently only available in the US.
Also announced at the festival was Yahoo’s forthcoming project on end-to-end encryption. Based on Google’s alpha Chrome PGP encryption plugin, Yahoo hopes to make the service available in autumn 2015.