- New Loch Ness monster video may just confirm giant eel theory Wednesday 8:04 PM
- Instagram to restrict posts promoting diet culture and plastic surgery Wednesday 6:58 PM
- Apple wants to trademark ‘Slofie,’ its term for slow-motion selfies Wednesday 5:51 PM
- Fortnite leak reveals a Batman crossover event may be happening Wednesday 5:32 PM
- The explosion at a bull semen factory generated a lot of obvious jokes Wednesday 4:33 PM
- Jessica Jaymes, adult film star, dead at 43 Wednesday 4:18 PM
- How to stream Falcons vs. Colts in Week 3 Wednesday 4:05 PM
- Beto O’Rourke says he opposes police use of facial recognition tech Wednesday 4:01 PM
- Lawsuit alleges woman was kidnapped by Lyft driver and gang-raped Wednesday 3:19 PM
- Facebook and Ray-Ban want to replace smartphones with smart glasses Wednesday 3:13 PM
- Sirfetch’d is the gallant new Pokémon winning everyone’s heart Wednesday 3:09 PM
- Danielle Cohn’s dad says she’s not really 15 years old Wednesday 2:14 PM
- Chilling ad by Sandy Hook Promise features kids using school supplies during a shooting Wednesday 1:50 PM
- Don’t fall victim to this Venmo texting scam Wednesday 1:18 PM
- Here’s what’s coming and going on Netflix in October 2019 Wednesday 12:55 PM
The danger of Yahoo’s new ‘on demand’ password feature
Whatever you do, don’t lose your phone.
In an age where digital security and privacy are slowly becoming nonexistent, Yahoo has a new way to make your accounts even less secure.
That’s right, with Yahoo’s new “on demand” passwords, you completely ditch your password and replace it with a time-sensitive code that’s sent to your phone or tablet through an app or text message. It’s like two-step verification without the password step.
In other words, users of the “on demand” feature no longer enter their regular passwords. Instead, they simply enter the one-time code.
Because the “on demand” code is only valid for a limited time, the system theoretically removes some of the dangers of having your login credentials stolen and used to hijack your account. It also eliminates the need to create a strong password that’s hard to remember—and the tendency to use passwords that are downright horrible.
There’s just one problem.
If your phone is lost or stolen, your Yahoo account is at risk. “On demand” passwords take the first, most crucial step out of two step verification: a strong password. Yahoo’s “on demand” passwords are intended to make logging into your accounts a little convenient, but you sacrifice security in the process.
Yahoo already offers one of the best ways to secure your accounts: Two-step verification, which requires both a password and a verification code, provides an extra layer protection if your password were compromised or if your mobile device wer stolen.
While “on demand” passwords may be a step back in securing your accounts, Yahoo is making strides in the other direction: email encryption. The company announced Monday work on a system that allows users to easily use end-to-end PGP encryption, one of the most sophisticated encryption methods, through a simple browser plugin. Yahoo says the plugin will debut in the fall.
Here’s a video of the plugin in action. On the left is the traditional process for setting up PGP encryption for your email:
H/T The Verge | Illustration by Max Fleishman
Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.