Can Yahoo make passwords extinct?

If you own a Yahoo e-mail account, you can forget your password. Literally. The search engine announced Sunday that it has started letting e-mail users in the U.S. change the security settings on their accounts so they can opt in to a new verification procedure.

Instead of having one password with which to access their accounts, users can elect to provide Yahoo with mobile phone numbers instead. When they wish to access their accounts, Yahoo will send a text to their phones with a one-time password.

Eliminating Passwords Altogether

The new password-on-demand option is one of two security upgrades to its e-mail system that Yahoo announced on Sunday. The company said that it was providing the option in response to worries among users about losing or forgetting their e-mail passwords.

“Today, we’re hoping to make that process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them,” Chris Stoner, Director of Product Management at Yahoo, wrote on the company’s Tumblr feed. “You no longer have to memorize a difficult password to sign in to your account — what a relief.”

But the move could have far broader implications than just easing the minds of some of Yahoo’s more forgetful e-mail users. The development represents the first step in eliminating passwords altogether, Yahoo vice president of product management for consumer platforms Dylan Casey said at the South by Southwest festival in Austin, Texas, according to CNET.

The new security process could make going online safer for Yahoo’s users, since temporary passwords are more secure than static ones, which hackers can steal from corporate databases.

However, while the new option may offer better protection than the standard username and password combo, it remains a much less secure option than two-factor identification, which requires users to enter both static passwords and unique codes texted to their phones. Yahoo has offered two-factor identification as an option for some time, making the company’s latest development something of a step backward in terms of overall security.

End-to-End Encryption

But the new on-demand password capability was not the only new feature Yahoo announced at SXSW. The company also said that it is working to create an e-mail extension that would provide users with end-to-end (e2e) encryption. That could ultimately prove to have a much more significant impact on e-mail security.

The extension is still in the development phase, however. The company is currently working on the source code, which it made publicly available through GitHub to solicit feedback from the security industry. Yahoo said it hopes to have a fully working version of the extension ready for release by the end of the year.

 

To read the full article, click here: http://www.cio-today.com/article/index.php?story_id=1000037XDAVS
