Yahoo has just upped the ante for the security posture of its mobile apps with the release of the full and stable version of its Account Key mechanism, which is the core part of the company’s effort to wipe out the password.
In essence, Account Key is a sort of two-factor verification, only that it no longer involves the first factor, which is the password. But it does not mean the infrastructure is less secure than if it requires a password, it just makes the login task for users a lot easier.
Yahoo rolled out the tool to a sundry of apps built by the tech company, such as the Yahoo Messenger, Fantasy, Mail, Finance and Sports apps for both the Android and iOS ecosystems. The mechanism works by sending a push notification to the device of an account owner and asking the user to tap in order to log in to Yahoo.
It also helps to keep users logged in to their Yahoo account, but without altogether providing full access to services. It means that users will still have to verify their identity upon attempting to gain access to Yahoo apps, though they remain logged in on the mobile apps installed in their phone.
Eliminating the password method of security has long been the goal of Yahoo, as it believes the traditional method of security only adds to the hassle of users encumbered by the task of remembering complicated strings of characters for protecting one’s identity. Once you lose memory of your password, there’s the added burden of reporting it to the Internet firm. Or worse, your password can be guessed if it’s poorly composed, thus weak. Some Web companies nowadays no longer allow weak passwords, lest your registration will not be completed.
With the removal of passwords, users will have to heavily rely on their mobile phones to as their on-the-go means of getting access to their cyber account with Yahoo. There are options for users when they opt in to the Account Key mechanism: they can request an on demand password to be sent to their mobile phone which they can use to log in to Yahoo.
Yahoo believes the future must be password-free, consistent with the lamentations of privacy proponents who think passwords are obsolete and must be replaced. However, it remains unclear what Yahoo hopes for a password-less login in the long run.
The password-less mechanism is part of Yahoo’s long-term goal to address privacy concerns of users.