Yahoo takes on-demand password system to the next level

By November 05, 2015
Yahoo propose de travailler avec les notifications push pour accéder à ses mails

Forgotten passwords could soon be a thing of the past. Yahoo has been working to transform the way users log in to their email account by providing access based on a push notification to, and authentication from, their mobile device.

Back in 2007 a Microsoft study revealed that each Internet user had on average 6.5 passwords. A more recent study indicates that this figure has now risen to a minimum of 8.5.

So it is clear that ever more passwords are being used, and they are moreover becoming much more complicated. Nowadays IT security experts recommend that your password should contain a combination of lower-case letters, capital letters, numbers and symbols. Such passwords might well be strong and secure, but this approach makes them extremely difficult to memorise and increases the likelihood that the user will get his/her various passwords mixed up.

Now Yahoo, whose rather underwhelming quarterly results were announced recently, has set out to address this ubiquitous problem. The Sunnyvale, California-based search engine and web services provider fired the starting gun in March by launching ‘on-demand passwords’. The idea is extremely simple: when a user wants to connect to his/her Yahoo account, instead of typing in a traditional password, s/he requests a one-off password – in effect an activation code – which is then sent straight to the smartphone which the user has previously registered with the system. In order to lay to rest any doubts about the security aspect of this approach, Yahoo has just taken the process a step further with its ‘Account Key’ system.

Yahoo réinvente le mot de passe par le biais de la notification push, créant un service "à la demande"

Yahoo rethinks the way we access our emails, by using a push notification system

With this improved procedure, you need to download the Yahoo Mail app on to your phone and register for Account Key. Then when you go to log in on any device, the website screen will tell you that it is waiting for approval. Meanwhile a push notification will be sent to your phone – not providing you with an access code but asking whether or not you are trying to sign in to your account. Tapping on ‘√ Yes’ will enable the system to go ahead with your login. If someone else is trying to hack into your account you can tap on ‘X No’ to block access. This system is ‟more secure than a traditional password because once you activate Account Key – even if someone gets access to your account info – they can’t sign in,” explains Dylan Casey, Vice President of Product Management at Yahoo, in his blog.

Legal mentions © L’Atelier BNP Paribas