Yahoo wants you to kill your passwords

Web giant adds secure notifications to Finance, Fantasy, Mail, Messenger and Sports apps

Yahoo is intensifying its mission to "kill the password" with the release of a new account login process for Yahoo apps.

The web services provider stated its intentions to ditch the password a year ago, when it announced its plans to introduce "on-demand passwords" that would be texted to a user's mobile devices.

Now those plans have been polished and rolled into a new login method, Yahoo Account Key.

The service works by sending Yahoo users a push notification on their mobile phone for them to approve whenever they attempt to sign into their Yahoo account from a new desktop browser.

Once the user receives the notification and taps the approval button, they will immediately be signed in.

"Passwords can be a hassle they're easy to lose track of and forget, or they are weak passwords that are vulnerable to hacking. At Yahoo, we are moving fast in our mission to kill the password' and make it easier for users to sign in without sacrificing security," said Yahoo product manager Lovlesh Chhabra in a blog post.

This new login method will appear for Yahoo Finance, Fantasy, Mail, Messenger, and Sports for iOS and Android.

Yahoo claimed this method of account verification is more secure than passwords. However, the company also said users must not sign out of their Yahoo app or turn off notifications "as this will prevent you from receiving your Account Key push notification".

Yahoo is not alone in its decision to explore new methods of user verification. Other web service providers have also been taking steps to move away from account passwords.

Bad passwords are one of the biggest reasons people's accounts are hacked, with the most commonly used password in 2015 being '123456'.

Music identification app Shazam does not use passwords at all, instead sending a verification email to the users when they attempt to sign to the app for the first time on a new device.

Google offers its Google Authentication app, which is used as an additional layer of verification, via randomised passcodes on the user's mobile device, for selected web services.

And the latest Apple devices, such as the iPhone SE and iPad Pro, include fingerprint sensors which enable user to confirm their identify simply by holding their finger to the devices home button.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021