Yahoo Mail Update Ditches Passwords With New ‘Account Key’ Service
Yahoo’s next step in password security is to eliminate them altogether.
Starting on Thursday, the company announced, users of the Yahoo Mail app on both iOS and Androidwill have access to a new service called Yahoo Account Key, which uses smartphones to verify identities in lieu of traditional passwords.
Here’s how it works: When users who sign up for Account Key try to access Yahoo Mail, they will no longer need to enter their password. Instead, the Account Key service will send a message to the smartphone connected to the account.
With a tap on yes or no, users can indicate it is a legitimate attempt to get into the account or deny unauthorized access.
If their smartphone is lost or stolen, users can verify identities through an email or a text message sent to alternative accounts and numbers.
In a blog post on Yahoo’s Tumblr page, Dylan Casey, vice president of product management, said Account Key is more secure than traditional passwords because it prohibits anyone from signing in to access an account without the verification that Account Key provides.
He also expressed doubts that most users will let passwords die easily and encouraged widespread adoption of password management tools until a new verification method replaces them for good.
“I think passwords are going to be around for a little while, I don’t think they’re going away as soon as we’d like them to. They’re so ingrained in everything we do from banking to email to shopping, you name it,” Narang said.
In addition to Account Key verification, Yahoo executives announced a revamped version of Yahoo Mail that allows users to connect with, manage and search Outlook, Hotmail and AOL email accounts while signed in to their Yahoo account.
The new Mail also connects to Twitter, LinkedIn and Facebook to add photos and create “contact cards” with email, telephone and social media information for contacts.
Satnam Narang, a security manager with Symantec, called the approach “a step above a password” but said it still falls short of the golden standard of what’s known as two-factor authentication, which requires users to confirm their identify with two different pieces of information.