Article Lead Image

photo via Scott Schiller/Flickr (CC BY 2.0)

Yahoo Account Key is just a less-secure two-factor authentication

What is Yahoo doing?


AJ Dellinger


Posted on Oct 15, 2015   Updated on May 27, 2021, 7:25 pm CDT

Yahoo thinks it knows how to eliminate passwords.

On Thursday, the company unveiled a password-free sign-in experience called Yahoo Account Key. The service uses push notifications let people into their accounts.

Account Key sends a prompt to a user’s phone whenever they sign in. The notification allows the person to grant or deny access to their account.

Account Key is essentially a streamlined version of two-factor authentication without the first factor—the password itself. The whole idea of 2FA is to require two pieces of information that confirm the identity of the user—in most cases, a password and a temporary code sent to a phone or tablet.

Yahoo’s approach relies on the phone’s own login security—a PIN code or fingerprint—as the second factor.

If you lose your phone, you’ll still be able to get past Account Key and into your account by verifying your identity through an alternate email or phone number. 

Earlier this year, Yahoo previously rolled out a login system called “on-demand passwords” that sent a temporary verification code to a phone that could act in place of a password. With Account Key, Yahoo has taken things one step further.

A revamped version of Yahoo Mail is the first service to get the new Account Key authorization system. Yahoo intends to add it to other apps in the future.

H/T Reuters | Photo via Scott Schiller/Flickr (CC BY 2.0)

Share this article
*First Published: Oct 15, 2015, 3:43 pm CDT