Yahoo's New Disposable Passwords
Written by Lucy Black   
Tuesday, 17 March 2015

Yahoo has introduced on-demand passwords for accessing email accounts, doing away with the need to remember a strong password. Is this an idea that will catch on?

Yahoo's new scheme means that you can choose to do without a strong, and potentially difficult to remember password for Yahoo.

In the blog post announcing the new log-in procedure Chris Stoner, outlines the advantage of on-demand passwords:

We've all been there... you're logging into your email and you panic because you've forgotten your password. After racking your brain for what feels like hours, it finally comes to you. Phew!


Today, we're hoping to make that process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them. You no longer have to memorize a difficult password to sign in to your account - what a relief!

The idea of an on-demand passcode will be familiar to many from online banking - but in that context it is additional authentication and users still have to provide a password every time they access their accounts.

The difference with Yahoo's use of passcodes that it is instead of a password and once you have provided your mobile phone number and gone through the initial verification step future log-ins will use a new one-time code sent to your phone.

 

Yahooondempasswd2

 

The on-demand option is already available to Yahoo's US customers to implement it a user selects it in the Account Security section of their account information:  

 

Yahooondempassword

 

Future log-ins now need just your account user name and your mobile phone.

Is this secure?

Well phones can be stolen and user names can be guessed at. If someone has your phone they probably have enough information to work out your user name. The problem with memorizing "strong" user names is similar to that of strong passwords. If you make it difficult for someone else to discover it, you may find it difficult to recall yourself.

And what if you want to log into your email and discover you've not got your phone with you?

So what seems like a simplification just adds a different set of problems.

As a developer, you quickly discover that making accounts easily accessible to  legitimate users while at the same time secure from unauthorized access is beset with problems. 

A mobile phone is not a key to a secure account. 

 

yahoopasswordsq

 

 

 

More Information

Yahoo!

A New, Simple Way to Log In 

Related Articles

Yahoo Launches Games Network

Yahoo Boosts Search Share

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, FacebookGoogle+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner


What Languages Do Devs Want to Learn?
17/11/2020

Python, of course. What comes as a surprise is the size of the margin between Python and the rest of the pack. The other unexpected finding is that JavaScript doesn't even make it into the top 10. So, [ ... ]



.NET For Apache Spark Updated
05/11/2020

The .NET bindings for Spark have been updated. The new 1.0 version adds support for .NET apps targeting .NET Standard 2.0 or later, as well as support for Apache Spark DataFrame APIs.


More News

 

square

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 17 March 2015 )