IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Yahoo wants to kill off email passwords

Forget passwords: Yahoo will send one-time codes to your phone instead

You needn't fear about forgetting your password anymore, with Yahoo getting rid of them for users of its email service.

Instead, the tech giant hopes to provide greater security by texting one-time passwords to customers' phones, so all they have to remember is their log-in username.

Yahoo hopes to make its free email less susceptible to hackers, with Password' and 123456' proving to be the most popular passwords in 2014, according to security firm SplashData's latest annual survey.

Chris Stoner, director of product management at Yahoo, said in a blog post: "We're hoping to make that [log-in] process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them.

"You no longer have to memorise a difficult password to sign in to your account - what a relief!"

The opt-in service is currently only available in the US, where customers wishing to try it out must sign into their Yahoo email account as normal. Then, they can go into their account information listed under their profile, click on "security" and choose to enable "on-demand passwords".

By entering their phone number, users receive a verification code that sets them up to use the new service.

The next time users sign in, instead of a password box, there will be a button saying "send my password" clicking it will prompt Yahoo to text you a four-character password.

But security analyst Graham Cluley was less than impressed, warning that your email could be hacked simply by you misplacing your phone.

"Personally I would baulk at the idea of my online bank offering access via that method," he told IT Pro. "After all, if access to your account is only controlled by who has access to your phone that's not a good thing.

"How many of us can put our hands on our hearts and say that we have never left our smartphone unattended somewhere, even for a short time?"

He predicted that there would be "a spate of pranksters" trying to abuse the system, adding: "What's so wrong with telling people to have a strong password instead - and perhaps promoting a password manager like 1Password and LastPass to users to encourage them to use a different, complex password for every site they use?"

The news comes after Visa announced it was working with MasterCard last year to eradicate extra passwords account holders currently must enter when making online transactions.

In contrast to Cluley, Chris Boyd, malware intelligence analyst at security firm Malwarebytes, welcomed Yahoo's move to get rid of existing password technology.

"It remains to be seen how vulnerable to attack the service is, but it can only be a good thing that a well-known brand in the technology field is seeking different ways to revamp the password," he said.

But he questioned whether it would improve on two-factor authentication, where users must provide two proofs of their identity by, for example, providing a password and a fingerprint.

"Anything that simplifies the log-in process is always potentially a good thing, though I'd choose two factor over so-called one factor' any day," said Boyd.

He added that Yahoo now boasts as secure a free email service as any rival, with the new tool in addition to other security measures it already has, including two-factor authentication and unusual log-in activity detection.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Apple, Google, Microsoft expand their support for password-less sign-ins
cyber security

Apple, Google, Microsoft expand their support for password-less sign-ins

6 May 2022
NordPass teams up with insurance provider Cowbell Cyber to improve security awareness
cyber security

NordPass teams up with insurance provider Cowbell Cyber to improve security awareness

18 Feb 2022
NCA donates 225 million passwords to Have I Been Pwned
cyber security

NCA donates 225 million passwords to Have I Been Pwned

21 Dec 2021
Top 200 most common passwords of 2021 revealed
cyber security

Top 200 most common passwords of 2021 revealed

10 Dec 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022