Tired of forgetting your password? Yahoo says you don't need one any more

Tired of forgetting your password? Yahoo says you don't need one any more

Passwords: easily forgotten, but also easily guessed. It’s a bitter irony that minutes can be spent racking brains trying to remember whether a required security question answer is a pet’s name, first school or place of birth – meanwhile a cyber-criminal is merrily typing in a person’s favourite colour and relieving bank accounts of hard-earned wages.

Well, now Yahoo might have made the process easier – at least when it comes to accessing email.

The Californian tech giant is rolling out “on-demand” email passwords, based around phone notifications, and eliminating entirely the need to memorise a fixed password.

Yahoo Mail now offers a service similar to “two-step verification”, a security measure employed by other email providers, but the difference is the removal of the first step.

The password system is opt-in and can be accessed from Yahoo Mail’s landing page. Photograph: Yahoo screengrab

Tired of forgetting your password? Yahoo says you don't need one any more

Two step verification works by a user logging in with their usual fixed password, after which the email provider sends a unique code to their mobile phone, which is then entered on the login screen, allowing the user to access their email account.

Yahoo’s new security process will remove the need for users to enter a fixed password first, and instead just send a four-letter password to a user’s phone via text.

Unveiling the service at the South by Southwest festival in Austin, Texas, Yahoo’s vice president of product management for consumer platforms Dylan Casey said: “This is the first step to eliminating passwords. I don’t think we as an industry has done a good enough job of putting ourselves in the shoes of the people using our products.”

A blog post written by the company’s director of product manager, Chris Stoner, explains the steps:

1. Sign in to your Yahoo.com account.

2. Click on your name at the top right corner to go to your account information page.

3. Select “Security” in the left bar.

4. Click on the slider for “On-demand passwords” to opt-in.

5. Enter your phone number and Yahoo will send you a verification code.

6. Enter the code and voila!

The “on-demand” password service is opt-in and currently only available in the US.

Also announced at the festival was Yahoo’s forthcoming project on end-to-end encryption. Based on Google’s alpha Chrome PGP encryption plugin, Yahoo hopes to make the service available in autumn 2015.


Google and Yahoo Encrypting Ad Network Connections

Google and Yahoo in separate announcements said they will individually encrypt ad network connections to reduce bot traffic and other types of ad fraud. The news coincides with the release of Malwarebytes Labs findings last week. Researchers found malvertising in Flash ads involving the DoubleClick ad network. The two companies have support. The Interactive Advertising ...

Yahoo Rolls Out End-To-End Encryption For Email

Back in 2012 (pre-Snowden!), we wrote about why Google should encrypt everyone's emails using end-to-end encryption (inspired by a post by Julian Sanchez saying the same thing. Since then, securing private communications has become increasingly important. That's why we were happy to see Google announce that it was, in fact, working on a project to ...

Yahoo puts email encryption plugin source code up for review

Yahoo released the source code for a plugin that will enable end-to-end encryption of email messages, a planned data-security improvement prompted by disclosures of U.S. National Security Agency snooping. The company is asking security experts to look at its code, published on GitHub, and report vulnerabilities, wrote Alex Stamos, Yahoo’s chief information security officer, in ...

Iran blocks encrypted messaging apps amid nationwide protests

For the past six days, citizens have taken to the streets across Iran, protesting government oppression and the rising cost of goods. Video broadcasts from the country have shown increasingly intense clashes between protesters and riot police, with as many as 21 people estimated to have died since the protests began. But a complex fight ...