Yahoo Account Key is just a less-secure two-factor authentication

Yahoo sign

photo via Scott Schiller/Flickr (CC BY 2.0)

What is Yahoo doing?

Yahoo thinks it knows how to eliminate passwords.

On Thursday, the company unveiled a password-free sign-in experience called Yahoo Account Key. The service uses push notifications let people into their accounts.

Account Key sends a prompt to a user’s phone whenever they sign in. The notification allows the person to grant or deny access to their account.

Account Key is essentially a streamlined version of two-factor authentication without the first factor—the password itself. The whole idea of 2FA is to require two pieces of information that confirm the identity of the user—in most cases, a password and a temporary code sent to a phone or tablet.

Yahoo’s approach relies on the phone’s own login security—a PIN code or fingerprint—as the second factor.

If you lose your phone, you’ll still be able to get past Account Key and into your account by verifying your identity through an alternate email or phone number. 

Earlier this year, Yahoo previously rolled out a login system called “on-demand passwords” that sent a temporary verification code to a phone that could act in place of a password. With Account Key, Yahoo has taken things one step further.

A revamped version of Yahoo Mail is the first service to get the new Account Key authorization system. Yahoo intends to add it to other apps in the future.

H/T Reuters | Photo via Scott Schiller/Flickr (CC BY 2.0)

Layer 8
For businesses and government, the race is on to ditch the password
Two-Factor Tuesday and the coalition to evolve our vulnerable, dated logins.
From Our VICE Partners

Pure, uncut internet. Straight to your inbox.