Now Reading
Yahoo Demos Password-Free Logins and End-To-Encrypted Email

Yahoo Demos Password-Free Logins and End-To-Encrypted Email

by Neil SardesaiMarch 18, 2015

It’s no secret that governments around the world are doing their best to snoop on civilian communications. Intelligence organisations like the NSA and CIA have tried everything, from infecting hard drive firmware to targeting popular mobile devices. Since Edward Snowden’s reports about government surveillance, technology companies have started boosting privacy measures to protect users and regain their trust. 

Back in June 2014, Google announced a Chrome plugin to provide end-to-end encryption for Gmail users. Yahoo also announced that it was working on a version of Google’s plugin for Yahoo Mail users. Just recently, Yahoo showed off the company’s progress on end-to-end at the SXSW festival in Austin, Texas and introduced a new, password-free login system.

Security vs. Usability

Yahoo Demos Password-Free Logins and End-To-Encrypted EmailMost users are reluctant to adopt strong online security measures since that often means sacrificing ease-of-use. For instance, most tech companies now support two-factor authentication, which adds an additional one-time password to your account that can only be obtained from your mobile device. While this method of authentication is significantly more secure, it also slows users down since it adds an additional step. Yahoo hopes that it can find a perfect balance between security and usability with its new authentication system.

“We’ve all been there…you’re logging into your email and you panic because you’ve forgotten your password. After racking your brain for what feels like hours, it finally comes to you. Phew!

Today, we’re hoping to make that process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them. You no longer have to memorize a difficult password to sign in to your account – what a relief!”

Yahoo’s “on-demand passwords” allow users to always have a strong, ever-changing password that they don’t need to memorize. While this is inherently less secure than two-factor authentication, on-demand passwords may just strike the perfect balance between convenience and security. The only problem would be if a user were to lose his/her mobile phone.

The on-demand passwords feature is available today for U.S. users to try. However, that’s not the only new security feature from Yahoo. The company has also demoed its end-to-end plugin, which Yahoo hopes to have ready for the public by the end of the year.

Yahoo’s end-to-end encryption system is a lot more user-friendly than traditional methods like GPGTools. However, it still may not be as convenient as sending a regular email, and the company doesn’t expect users to use end-to-end for everything. As Yahoo’s security chief Alex Stamos told the Washington Post, the majority of users’ emails would still remain unencrypted. Users would only encrypt emails containing particularly sensitive information.

“What we’re trying to do at Yahoo is build our products so they’re safe and trustworthy, not just secure.”

-Alex Stamos, Yahoo Inc. Chief of Security

Images from Shutterstock.

Advertised sites are not endorsed by us. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
What's your reaction?
Love it
Hate it
  • StoneAge

    What will Yahoo do when I cannot receive a text where I am? Will there be a “Phone me” option? That is the only thing I can get to work for two factors in Belize. I do NOT get texts from over seas.

  • Dwallin60

    If ever there was a time to observe & recon to the warnings of Snowden, it is now. I am disappointed, but not surprised that Yahoo chooses to compromise network security

  • Dwallin60

    why not offer a 2-tier choice within Yahoo parameters so l can voluntary opt-in for which ever one best serves CHOICE for level of security and not Yahoo’s CIO “security chief”. Quit taking away our choices, please.

  • ΔИθᴎЎϻɸᵿƧ

    I use a nice long, strong Yahoo alphanumeric and symbolic password that’s stored with LastPass, a good password manager which I believe has been hacked only once. I’ve never had a problem with it, and it’s perfect for my needs. I can imagine that all my passwords, over time, collectively, have most probably been hammered at quintillions of times, or even more, without success. That’s because I usually make them up with the maximum number of random characters a site will allow. Somebody’s gonna have to get up pretty damn early in the morning to get into my stuff :o)

    Two factor authentication is currently being used with Google and cryptocurrency sites such as Coinbase. This wouldn’t be needed at all if people would only use password managers and long, strong passwords, but people in general typically choose convenience over security. Although a bit more difficult, they don’t suspect that a longer password like “[email protected]!T” can be fairly easy to hack, even with the “micro” symbol (µ) in it. They also cannot imagine why a complete stranger would want access to their email account, and figure that a simple password like “132546” will suffice.

    A lot of people who are not independently wealthy, like me, need money for bills, but don’t necessarily like to work for it, even if many of us enjoy our work and take pride in it. I’m one of those, but others simply go to work, and then don’t do any work, or as little as possible, until they’re fired. In my experience, this is typical of young people who were born in a post-Reagan world, after 1988.

    And then there are still others who cannot imagine performing manual labor for a living. Learning white hat computer skills is fine; I can do a certain amount of that myself since I always build my own desktop and laptop computers, and can repair them. However, I prefer to go the pre-www route, or the era prior to the mid-1990’s. At the time, I was already in my 30’s, and had always had a real world, brick and mortar job.

    First, understand that the internet was invented as ARPANET by the military in 1969. It is considerably older than the world wide web, or www. As the internet and the www mature over time, it’s the black hat computer skills which ought to be discouraged. Two factor authentication and one-time passwords should go a long way to providing good network security, without sacrificing a lot of convenience.

  • andrea

    good bye Yahoo, hello

  • RJF

    Yahoo? Who’s that?