Passwords are terrible: they're inefficient and they're often insecure, too. Many leading tech companies have embraced two-factor authentication as a more secure option, but it's optional, and only those particularly concerned about their digital identities take the time to set it up.
That's why Yahoo is taking a new approach, called "on demand" passwords. As with two-step authentication, you'll be sent a unique time-sensitive code through an app or a text message to your phone when you want to log in. But there's a key step missing: you won't have to type in your primary password first. That's right, with "on demand" passwords, you won't have a permanent password tied to your account that's required every time you log in. Some might even call it "one-step" authentication. If you enable the system, you'll see a "send my password" button instead of a traditional password text box when you try to sign in. The new sign-on method is available now.
Yahoo VP Dylan Casey called the feature "the first step to eliminating passwords," according to CNET. While that may be true, there's no denying that "on demand" passwords are inherently less secure than systems that employ two-step authentication, which Yahoo already offers as an optional feature to its users. But if "on demand" can hit the sweet spot between convenience and security, it might just be able to convince people to leave their old passwords behind. Of course, if your phone falls into the wrong hands, your accounts will be easily compromised.
This isn't the first time a company has looked into eliminating the password. The world's largest tech companies are working to find the successor to the dated password — and many are turning to biometric readers like fingerprint or eye scanners for a solution.
Yahoo Mail has never been known for its security standards, but the company is working to turn that around. Alongside "on demand," Yahoo also showed off a working version of its new end-to-end encryption system at South by Southwest today. The system is designed to make it far easier to encrypt emails, and it's built off of a Google-made Chrome extension that's still in the alpha stage. In a video demo, Yahoo compared its method to traditional methods, which are not particularly user-friendly.
End-to-end email encryption coming this year
Unfortunately, the system won't be automatically enabled for every email — in an interview with The Washington Post, Yahoo security chief Alex Stamos says he expects users to employ the security measure just for particularly sensitive emails. According to The Wall Street Journal, the system will still leave information like the recipient, subject line, and timestamp unencrypted, but the message contents will only be visible to the sender and receiver. Yahoo expects to have end-to-end encryption online by the end of the year.