October 17, 2015
Yahoo may have just taken the first step toward vanquishing passwords
Over the years, I’ve accumulated dozens, perhaps hundreds, of passwords. Most of them I keep stored in an app, which itself requires a password. Scrolling through the list there are passwords for things that have been long forgotten.
For example, it looks like I at one time decided to sign up for the MacCentral discussion forum. MacCentral was at one time a popular website for Mac users. It no long exists — hasn’t for years.
I could delete some of those old passwords, but it wouldn’t do much good — at least not in terms of bringing down the total. It seems like everything you want to do on the Internet requires a password of some sort.
I’ve been looking at the possibility of using a service for an embedded calendar of events. There are a number of options out there, but it’s hard to decide if they’re any good unless you create an account and give them a try.
So that’s a bunch more passwords.
Every once in a while there is a glimmer of hope that passwords are becoming a thing of the past. As far as I’m concerned, it can’t happen soon enough. I try to keep all my passwords in a safe place, but sometimes I forget, and frustration ensues when I can’t remember one of them.
The latest assault on passwords comes from Yahoo Mail. They’ve just rolled out a system that allows you to securely log in to their service without a password. You read that right — NO PASSWORD.
Here’s how it works: you download the Yahoo Mail app to your smartphone and set it up so that it receives a notification when you want to sign in to Yahoo Mail. If you tap “Yes” then you’re in.
My first reaction was that it would be quicker and easier to type in a password, assuming you remember it. Also, even now, not everyone has a smartphone on them all the time.
Still, when you think about, this is a far more secure way of doing things. Thieves love Internet-based security systems because you can eventually crack them. Set up computers to hack away millions of times a day, and you’re bound to get lucky.
But using Yahoo’s new system would make that approach impossible. That’s because the only password (the one you use to set up the app) is on your phone. Communication between the app and Yahoo Mail is by random tokens that are impossible to guess.
That means the thief would pretty much have to come to your house and steal your phone in order to get into your Yahoo account. Even then, of course, he would need to get past whatever password or fingerprint technology you have used to secure the phone.
This, of course, would be a major inconvenience for bad guys. Balance this with the small inconvenience of tapping a “Yes” when you want to log in and you come out ahead.
I tried it out myself and found it a little weird, but I could get used to it. Once I had everything set up on the app on my iPhone, I tried using Yahoo Mail on a computer. I received a text message asking for permission to log in. I swiped to the left and found the options. I tapped “Yes” then waited.
Not really knowing what to expect, it seemed like it wasn’t working. But after a few seconds, I was in. Impressive. The down side is that I discovered I have over a hundred unread emails, but that’s a whole other thing.
I suspect that if Yahoo’s system catches on with Apple, Google and the rest, it will become further refined, more intuitive and easier to use. When that day arrives, passwords may finally become a thing of the past. I can hardly wait.
(Glenn Fleishman, a respected writer for Macworld, outlines how the new Yahoo Mail system works. Well worth a read.)