Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    A Look at Yahoo’s Promise of a Password-Free Email Service

    By
    Sean Michael Kerner
    -
    October 16, 2015
    Share
    Facebook
    Twitter
    Linkedin
      Yahoo password free email

      Yahoo Mail, which is celebrating its 18th birthday this month, has evolved over the years in many ways. Yahoo announced a new version of its Mail service this week, promising users a new way to secure access that doesn’t require passwords.

      The cornerstone of Yahoo’s password-less approach to Mail access is a technology the company is calling Yahoo Account Key. In a Tumblr post, Dylan Casey, vice president of product management at Yahoo, explained that Account Key makes use of push notification on a mobile device to provide users with an easy way to access a Yahoo account.

      “Account Key streamlines the sign-in process with a secure, elegant and easy-to-use interface that makes access as easy as tapping a button,” Casey said. “It’s also more secure than a traditional password because once you activate Account Key—even if someone gets access to your account info—they can’t sign in.”

      Security experts eWEEK contacted expressed skepticism about the password-less future that Yahoo is now promising.

      Passwords have been an absolute bane for users for a long time, said Jake Kouns, chief information security officer at Risk Based Security. “No one likes to have to remember a password, or worse yet, be forced to change it regularly,” Kouns told eWEEK. “At Risk Based Security, we have tracked over 268 million accounts and credentials exposed and many are leading to data breaches, so there definitely needs to be a better solution than just passwords.”

      If Yahoo can successfully come up with a secure approach that effectively removes the need for passwords, it will definitely be appealing to users, Kouns said. However, he added, “On the surface, Yahoo’s approach has outlined removing passwords, but unfortunately, actually appears to not be truly improving security.”

      Yahoo’s approach is moving away from what many consider to be a tried-and-true best practice of using two-factor authentication that includes a combination of something a user has and something a user knows.

      “Regardless, if the Yahoo approach is more secure, it doesn’t appear to be worse that what is already implemented for most email providers,” Kouns said. “If it makes life better for users, they will most likely be happy users.”

      Lance James, cyber-security and intelligence advisor for Unit 221b, said that the Yahoo password-less approach is “gimmicky” and doesn’t really make a massive dent in the problem. “The fact that you have to use your phone number for this is ill-advised, mainly because it’s another piece of data that’s traded out instead of a password,” James said. “The one step is interesting, but the phone or smartwatch device shouldn’t be assumed to be trusted or unlocked or left around somewhere that someone can get it.”

      There is a simple attack vector against the new system, given that mobile device malware is a growing problem, James said, adding that if an attacker is somehow able to compromise a phone, the Yahoo password-less system is a risk.

      “If they [attackers] merely find out the Yahoo user name and log in to Yahoo with a compromised Android phone [which is more likely than with an iPhone], it’s quite easy for them to forward the text or just hit the ‘yes’ button without the user being notified,” James said.

      Yahoo’s new approach isn’t going to make much of a difference, James said. “I don’t think in the long run this feature makes a major impact against many of the common attacks,” he added.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×