Science

Yahoo aims to phase out passwords with new service Account Key

Yahoo's next step in password security is to eliminate them altogether.

Account Key uses smartphones to verify identities in lieu of traditional passwords

Starting on Thursday, users of the Yahoo Mail app on both iOS and Android will have access to a new service called Yahoo Account Key, which uses smartphones to verify identities in lieu of traditional passwords. (Samsung)

Yahoo's next step in password security is to eliminate them altogether.

Starting on Thursday, the company announced, users of the Yahoo Mail app on both iOS and Android will have access to a new service called Yahoo Account Key, which uses smartphones to verify identities in lieu of traditional passwords.

Here's how it works: When users who sign up for Account Key try to access Yahoo Mail, they will no longer need to enter their password. Instead, the Account Key service will send a message to the smartphone connected to the account.

With a tap on yes or no, users can indicate it is a legitimate attempt to get into the account or deny unauthorized access.

When users who sign up for Account Key try to access Yahoo Mail, they will no longer need to enter their password. Instead, the Account Key service will send a message to the smartphone connected to the account. With a tap on yes or no, users can indicate it is a legitimate attempt to get into the account or deny unauthorized access. (Yahoo)

If their smartphone is lost or stolen, users can verify identities through an email or a text message sent to alternative accounts and numbers.

In a blog post on Yahoo's Tumblr page, Dylan Casey, vice president of product management, said Account Key is more secure than traditional passwords because it prohibits anyone from signing in to access an account without the verification that Account Key provides.

Falls short of 2-factor authentication

Satnam Narang, a security manager with Symantec, called the approach "a step above a password" but said it still falls short of the golden standard of what's known as two-factor authentication, which requires users to confirm their identify with two different pieces of information.

He also expressed doubts that most users will let passwords die easily and encouraged widespread adoption of password management tools until a new verification method replaces them for good.

"I think passwords are going to be around for a little while, I don't think they're going away as soon as we'd like them to. They're so ingrained in everything we do from banking to email to shopping, you name it," Narang said.

In addition to Account Key verification, Yahoo executives announced a revamped version of Yahoo Mail that allows users to connect with, manage and search Outlook, Hotmail and AOL email accounts while signed in to their Yahoo account.

The new Mail also connects to Twitter, LinkedIn and Facebook to add photos and create "contact cards" with email, telephone and social media information for contacts. (Editing by Stephen R. Trousdale and Ken Wills)

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?

now