Yahoo is testing out a new on-demand password option for its email service that could spare you from remembering complicated strings of characters -- or worse, from using simplistic and insecure passwords. Shown at SXSW, the feature works like two-step authentication, except you actually skip the first step of entering your password. Just request a code when you want to log in and one will be sent to your smartphone via text message or Yahoo’s mobile app.
Like many others, Yahoo also offers a two-step authentication option, which is inherently more secure. But “on-demand” passwords hope to strike a balance between convenience and security -- presumably as long as your smartphone doesn’t fall into the wrong hands.
Dylan Casey, Yahoo’s vice president of product management, says Yahoo will be introducing authentication methods that are more secure than SMS. Another executive also confirmed that the long-term goal is to transition its users away from passwords in favor of more secure options.
The on-demand password option is now available for US users.
In addition to this, the company also showed off some progress regarding its end-to-end encryption plugin for Yahoo Mail. The system is built off of a Chrome extension from Google itself that's still in the alpha stage of development. As shown in the video below, it will make securing your email communication much more user-friendly compared to traditional methods.
Yahoo information security chief Alex Stamos says the idea is to offer something that’s simple enough for everyday users and strong enough to protect. But he doesn’t expect users to suddenly start using it for everything. Instead, he imagines end-to-end being a handy feature to have around when you need to send messages containing sensitive information.
The company is releasing the code behind the plug-in for public review and hopes for end-to-end encryption to go live by the end of the year.