Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Yahoo! Launches Password-Free Login Feature

Internet giant Yahoo announced a new way to let users to login to their account without the need for a password. With the new feature, when signing in, an on-demand password is texted directly to a user’s mobile phone, the company explained.

Internet giant Yahoo announced a new way to let users to login to their account without the need for a password. With the new feature, when signing in, an on-demand password is texted directly to a user’s mobile phone, the company explained.

“Today, we’re hoping to make that process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them,” Chris Stoner, Director of Product Management at Yahoo!, wrote in a blog post. “You no longer have to memorize a difficult password to sign in to your account – what a relief!”  

The on-demand password option is now available for U.S. users and aims to ease anxiety around password memorization and improve security for users, the company said.

To enable the new feature and receive on-demand passwords, users should take the following steps:

1) Sign in to Yahoo.com.

2) Click on the user name at the top right corner to go to the account information page.

3) Select “Security” in the left bar.

4) Click on the slider for “On-demand passwords” to opt-in.

5) Enter the phone number associated with the account and Yahoo will send a verification code.

6) Enter the code to login.

Speaking at the South by Southwest festival in Austin, Texas, Alex Stamos, Yahoo’s chief information security officer, said the company also plans to introduce “end to end encryption” for email this year to boost privacy protection for users concerned about snooping from governments or hackers. 

“Our goal is to have this available by the end of the year,” Alex Stamos, Yahoo’s chief information security officer, told AFP. “Anybody who has the ability to write an email should have no problem using our email encryption.”

While the new feature was designed with security and ease of use in mind, some experts warned that the feature would make it easier for an attacker to gain access to a users account in some cases.

Along with the announcements, Yahoo! released a beta version of the first Yahoo specific e2e encryption plug-in source code on GitHub.

“We encourage other mail providers to build compatible solutions, and for security researchers to take a look and report any potential vulnerabilities they find via our Bug Bounty program,” Stamos wrote in a blog post.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Funding/M&A

Identity and access governance vendor Saviynt has closed a $205 million financing round.