Yahoo Allows Email Users to Literally Forget Your Password Forever: How Does It Work?

By Staff Reporter - 16 Mar '15 17:47PM

Have you ever had problems remembering your email or Facebook password? Well, Yahoo has come up with a solution that allows users to literally forget their password.

Instead of having one password with which to access their accounts, users can elect to provide Yahoo with a mobile phone number. When they wish to access their accounts, Yahoo will send a text to their phones with a one-time password.

However, the new method of logging into your Yahoo email account is not compulsory. The "on-demand passwords" feature is instead an alternative to the traditional username-password combo. This is different from the "two-step" password verification, which requires users to enter a password and then a code that is automatically sent to the mobile phone connected to the account.

Either on-demand passwords or the two-step verification feature can be turned on from the security tab on the Yahoo account information page.

Yahoo director of product management Chris Stoner writes that the new technology makes logging in "less anxiety-inducing" by eradicating the need to remember passwords. Although it is a great idea in concept, security professionals have had mixed responses to the news.

"We need more innovation like this with authentication," says T.K. Keanini, CTO of Lancope. "Passwords are just pieces of information, and in all these strategies, we want to make it useful for the shortest amount of time but not be an administrative burden. Yahoo knows that the most personal device on a person these days is their mobile phone. And let's not stop here. Let's keep innovating even more techniques to raise the cost to our attackers."

"Yahoo just made it easier for attackers to compromise an account," says Tim Erlin, director of product management and security and IT risk strategist for Tripwire. "Ease of use is taking center stage for Yahoo, but it opens up some new attack vectors as well. Two-factor authentication is more secure, because it requires an attacker to compromise more than a single piece of information to be successful."
