The two-factor authentication is only beginning to gain traction among the technology landscape, but Yahoo is already on its way to killing it, besides the password.
Yahoo has unveiled an on-demand system for generating one-time passwords upon logging in to your account, meaning you would no longer have to bear the burden from memorizing unique passwords for your social media, email and other online accounts. This innovative way frees users up from their reliance on the password and at the same time breaking the chain of the two-factor verification concept, which requires a second security factor to authenticate your identity.
In essence, a single authentication factor is the only security requirement under the on-demand system. Yahoo says it wants to bolster the security of its email service for users and protect your account from hackers with the new security concept. The intention is timely, as most Internet users are in the habit of using a single, if easy-to-guess password for multiple accounts, opening the doors to their online identity to hackers.
In contrast, a one-time use password is a significant aid in preventing this problem. Before you are able to log in to your Yahoo account, a security token will be sent to your phone, which will be entered in the security field of the login page. This way helps to avoid the password ripple effect of having a single password used for multiple accounts.
However, Yahoo warns you against losing your phone, which is the only key now to your account. Once you lose your phone, you open the gates to your digital world, and risk losing your sensitive data to hackers. And there’s nothing to prevent hackers from taking over your phone because the SMS notification that contains your on-demand single-use password will show up on the screen of your phone even when it is locked, making it easy for third-party prying eyes to take a quick look at the password.
But does this necessarily kill the two-factor authentication? There are two sides of the argument now, since Yahoo’s new approach to security renders the two-factor essentially useless. And Yahoo says this is only the beginning of its goal to transform the information security landscape. Specifically the security of everything mobile, where most users are turning their attention at present. At the same time, it is an area where users have little awareness of best practices to stay secure.
Some security experts maintain that a password manager is still more robust than any other security approach, existing or new.