Yahoo: Forgot your password? No problem, just don't lose your phone.

At SXSW, Yahoo debuts its 'on-demand' password feature and demonstrates how its prototype for end-to-end encryption will be simpler for all.

|
Marcio Jose Sanchez
File- A person walks in front of a Yahoo sign at the company's headquarters in Sunnyvale, Calif.

While Google and Microsoft are looking to futuristic methods such as biometrics to kill the password, Yahoo is attempting to boost security with simplicity.

The tech giant announced at the 2015 South by Southwest festival (SXSW) that “on-demand” passwords are now available for Yahoo e-mail users. It works by the company sending short, temporary passwords via text messages that individuals can use to access their e-mail.

Users can sign up by logging into their Yahoo account with their normal password and accessing the on-demand feature through the security setting. Once activated and an account holder’s phone is registered, the password field will be replaced by a "send my password" button. Yahoo will then text a four-character passcode that can be used one time to enter an account.

This process is referred to as "two-factor authentication" and is already used by many services, including Gmail. The two-step process works by users entering their password and a company sending a correlating password, but Yahoo is attempting to subtract a step by allowing users to have the second password sent directly to phones without entering their personalized code.

“This is the first step to eliminating passwords," says Dylan Casey, Yahoo's vice president of product management for consumer platforms, in an interview with CNET at the festival.

The new security measure is meant to address the vulnerabilities that weak and overused passwords expose consumers to, though the system is not perfect.

Some have pointed out that users will only be able to access Yahoo e-mail with a cell and Internet connection (which can be a problem on a flight), but there are more pressing issues, such as if someone loses their phone. The on-demand alerts appear on a mobile’s locked screen, so another person has the potential to breach a Yahoo account without identifying the personal password to the e-mail. Additionally, hackers (of all kinds) still have the capability to break into phones, but the on-demand feature option is expected to be the first phase in Yahoo’s plans to beef up e-mail security.

Password management sites, such as 1Password or LastPass, and basic knowledge of online security are still the best methods to prevent against prying eyes.

In addition to helping users secure passwords, Yahoo is also looking to simplify the encryption process for customers.

Last August, Yahoo announced it would be offering end-to-end encryption sometime in 2015. This type of security measure differs from the basic SSL encryption, which is used automatically with Web mail, because instead of allowing the service provider to see the e-mail, only the sender and receiver can read the message.

During a SXSW presentation, Yahoo showed off its unfinished product by comparing its new encryption method to a more traditional technique. A side-by-side video displayed how the process took about a minute for a Yahoo user, while the Mac OS user was left in the dust.

Yahoo has also partnered with Google, who plans on offering its own end-to-end version, to extend the service. This is important for end-to-end encryption because it requires the cooperation of both e-mail providers for a message to remain private.

In an interview with The Washington Post, Yahoo information security chief Alex Stamos explained that for an encryption tool to be effective, it has to be basic enough for everyday users, yet strong enough to protect those facing more “advance threats,” such as activists and journalists in nations that stifle free speech.

"What we're trying to do at Yahoo is build our products so they're safe and trustworthy, not just secure," Mr. Stamos told the Post. Yahoo says it understands that convincing people to take this extra step for security requires the process to be as easy as possible and should entail no more than a few clicks.

Yahoo plans to roll out the end-to-end encryption feature by the end of 2015.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Yahoo: Forgot your password? No problem, just don't lose your phone.
Read this article in
https://www.csmonitor.com/Technology/2015/0316/Yahoo-Forgot-your-password-No-problem-just-don-t-lose-your-phone
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe