Yahoo Account Key is just a less-secure two-factor authentication

Yahoo thinks it knows how to eliminate passwords.

On Thursday, the company unveiled a password-free sign-in experience called Yahoo Account Key. The service uses push notifications let people into their accounts.

Account Key sends a prompt to a user’s phone whenever they sign in. The notification allows the person to grant or deny access to their account.

Yahoo

Account Key is essentially a streamlined version of two-factor authentication without the first factor—the password itself. The whole idea of 2FA is to require two pieces of information that confirm the identity of the user—in most cases, a password and a temporary code sent to a phone or tablet.

Yahoo’s approach relies on the phone’s own login security—a PIN code or fingerprint—as the second factor.

If you lose your phone, you’ll still be able to get past Account Key and into your account by verifying your identity through an alternate email or phone number. 

Earlier this year, Yahoo previously rolled out a login system called “on-demand passwords” that sent a temporary verification code to a phone that could act in place of a password. With Account Key, Yahoo has taken things one step further.

A revamped version of Yahoo Mail is the first service to get the new Account Key authorization system. Yahoo intends to add it to other apps in the future.

H/T Reuters | Photo via Scott Schiller/Flickr (CC BY 2.0)

AJ Dellinger

AJ Dellinger

AJ Dellinger is a seasoned technology writer whose work has appeared in Digital Trends, International Business Times, and Newsweek. In 2018, he joined Gizmodo as the nights and weekend editor.