Internet giant Yahoo announced a new way to let users to login to their account without the need for a password. With the new feature, when signing in, an on-demand password is texted directly to a user’s mobile phone, the company explained.
“Today, we’re hoping to make that process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them,” Chris Stoner, Director of Product Management at Yahoo!, wrote in a blog post. “You no longer have to memorize a difficult password to sign in to your account – what a relief!”
The on-demand password option is now available for U.S. users and aims to ease anxiety around password memorization and improve security for users, the company said.
To enable the new feature and receive on-demand passwords, users should take the following steps:
1) Sign in to Yahoo.com.
2) Click on the user name at the top right corner to go to the account information page.
3) Select “Security” in the left bar.
4) Click on the slider for “On-demand passwords” to opt-in.
5) Enter the phone number associated with the account and Yahoo will send a verification code.
6) Enter the code to login.
Speaking at the South by Southwest festival in Austin, Texas, Alex Stamos, Yahoo’s chief information security officer, said the company also plans to introduce “end to end encryption” for email this year to boost privacy protection for users concerned about snooping from governments or hackers.
“Our goal is to have this available by the end of the year,” Alex Stamos, Yahoo’s chief information security officer, told AFP. “Anybody who has the ability to write an email should have no problem using our email encryption.”
While the new feature was designed with security and ease of use in mind, some experts warned that the feature would make it easier for an attacker to gain access to a users account in some cases.
Along with the announcements, Yahoo! released a beta version of the first Yahoo specific e2e encryption plug-in source code on GitHub.
“We encourage other mail providers to build compatible solutions, and for security researchers to take a look and report any potential vulnerabilities they find via our Bug Bounty program,” Stamos wrote in a blog post.