The great Catch-22 with passwords is that they can seemingly be guessed by rogue elements just as easily as they are forgotten by you. But Yahoo thinks it has the answer.
The internet company has this week unveiled a new system of ‘on-demand’ passwords which eliminate the need to remember a log-in, instead relying on phone notifications.
The system works by sending a code, via text message, to a user’s phone when they want to log in to view their email account. Having signed up to the service, which is optional at the moment, users can request a code whenever they want to sign on to their email account.
Yahoo says it removes the need for customers to choose and then memorise a suitably secure password, instead sending an access code directly to their phone whenever they need it.
Speaking at the South by Southwest (SXSW) technology fair where it was announced, Yahoo’s Dylan Casey said: “This is the first step to eliminating passwords. I don’t think we as an industry have done a good enough job of putting ourselves in the shoes of the people using our products.”
A blog post on the Yahoo website explained how users can set up on-demand passwords via the Security page of the Yahoo website. Once you enter your phone number, Yahoo will send you a verification code – though for now the service is only available in the US.
However, judging by how keen Yahoo appears to be to push this, it’s only a matter of time before the system goes global.
Password and general cyber security remains a hot topic after the high-profile breaches that littered 2014, especially after the brute-force attack on iCloud passwords which led to the posting online of explicit photos of a range of celebrities, including actress Jennifer Lawrence.
eBay, Mumsnet and Sony Pictures were also the victims of high-profile attacks that saw usernames and passwords compromised.
The experts remain divided on the issue. Kevin Epstein, from online security experts Proofpoint, said: “The market tends to establish the validity of new features in any high-tech product. If consumers feel a feature is valuable, clearly other providers will be compelled to provide it to remain competitive.
“Such encryption would assist in preventing email in-flight from being ‘tapped’, but by the same token may assist attackers in evading corporate attack-prevention screens and filters.”
Mark James, a security specialist at anti-virus firm ESET, said: “I am not a firm believer in getting rid of passwords as I think they have a place alongside other forms of security to establish a layered approach.
“This process will help some who struggle with long complex passwords and enable them to have a much better level of security rather than using an insecure Pa$$w0rd as their password.”