Yahoo! wheels! out! password! on-demand! service! for! simpletons!
Likely to be a godsend for amnesiacs and people who can't cope with 2FA
Yahoo! is trialling a service that removes the need to remember your passwords, providing users aren't so absent-minded they don't also lose or mislay their mobile phones.
The on-demand password service allows registered users to get a short password sent to their phone. On-demand passwords is an opt-in service, initially only available in the US.
Users would still have the task of typing in a one-time password, they just wouldn't have to remember it. Anyone who had access to their phone could impersonate a user – a massive risk, particularly when so many social media accounts are linked to webmail accounts for password reset purposes.
The potential for pranks and worse that would leave victims in the awkward situation of explaining away inappropriate posts is massive, without even thinking about the implications for online banking.
Hackers covet webmail login passwords, as evidenced by the trade for login credentials on black market forums. The feature trades the mild inconvenience of having to remember a password for webmail for a substantial security headache.
Andy Kemshall, co-founder and technical director at SecurEnvoy commented: “Yahoo’s announcement that it plans to eliminate passwords will be a huge step back in securing personal information. First, at point of login, users expect and are used to instant access to their accounts but with Yahoo adopting only one step of authentication this will make the email account less secure but also add a layer of inconvenience to the user with them having to wait around for a password to be sent via SMS."
“Secondly, think of it this way, if all ATM’s removed the need for pin numbers, and all you needed to do was put your card in and cash came out, despite being incredibly quick and convenient, if the card is lost, you have opened a major gateway to your money. The same applies for this plan Yahoo are introducing," he concluded.
Chris Stoner, Yahoo! director of product management, announced the service at the SXSW conference over the weekend, which also saw the separate demo by Yahoo! of a PGP webmail plug-in, which is due for general release by the end of the year. ®