Internet giant Yahoo announced a new way to let users to login to their account without the need for a password. With the new feature, when signing in, an on-demand password is texted directly to a user’s mobile phone, the company explained.
“Today, we’re hoping to make that process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them,” Chris Stoner, Director of Product Management at Yahoo!, wrote in a blog post. “You no longer have to memorize a difficult password to sign in to your account – what a relief!”
The on-demand password option is now available for U.S. users and aims to ease anxiety around password memorization and improve security for users, the company said.
To enable the new feature and receive on-demand passwords, users should take the following steps:
1) Sign in to Yahoo.com.
2) Click on the user name at the top right corner to go to the account information page.
3) Select “Security” in the left bar.
4) Click on the slider for “On-demand passwords” to opt-in.
5) Enter the phone number associated with the account and Yahoo will send a verification code.
6) Enter the code to login.
Speaking at the South by Southwest festival in Austin, Texas, Alex Stamos, Yahoo’s chief information security officer, said the company also plans to introduce “end to end encryption” for email this year to boost privacy protection for users concerned about snooping from governments or hackers.
“Our goal is to have this available by the end of the year,” Alex Stamos, Yahoo’s chief information security officer, told AFP. “Anybody who has the ability to write an email should have no problem using our email encryption.”
While the new feature was designed with security and ease of use in mind, some experts warned that the feature would make it easier for an attacker to gain access to a users account in some cases.
Along with the announcements, Yahoo! released a beta version of the first Yahoo specific e2e encryption plug-in source code on GitHub.
“We encourage other mail providers to build compatible solutions, and for security researchers to take a look and report any potential vulnerabilities they find via our Bug Bounty program,” Stamos wrote in a blog post.
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- China Says It’s Looking Into Report of Spy Balloon Over US
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
