Yahoo! launches! password-free! push! logins! for! mobes!
'Death to passwords', cries Purple Palace
Yahoo! has launched a password-free method of logging into its mail and online services that prompts users to approve access through a mobile push notification.
The Yahoo! Account Key service is another blow to passwords, and the second dealt by the Purple Palace since it rolled out SMS two-factor authentication in March.
Product management vice president Dylan Casey says the new gizmo is "elegant", as long as users don't lose their mobes.
"Passwords are usually simple to hack and easy to forget," Casey suggests.
"Account Key streamlines the sign-in process with a secure, elegant and easy-to-use interface that makes access as easy as tapping a button.
"It’s also more secure than a traditional password because once you activate Account Key – even if someone gets access to your account info – they can’t sign in."
The service has been rolled out globally for Yahoo!'s Mail app and will be added to other Purple Palace apps later this year.
It is unclear but appears that the latest mechanism would replace Yahoo!'s On Demand SMS password system it released in March. That service allowed users to log into their Yahoo! accounts using one time passwords sent to their handsets through SMS.
Pundits said at the time that the SMS system was broadly a step in the right direction.
However SMS is not a secure method of authentication against targeted attacks since phone numbers can be easily ported - and therefore all texts and phone calls too - by social engineers who possess a little Facebook information on their victims. ®