With the backing of Google and Microsoft, the FIDO Alliance wants to kill passwords through biometrics like fingerprints and eye scans. Yahoo, however, is trying a different approach—one that looks a lot like the two-factor authentication we have now.
During SXSW on Sunday, the company announced a new feature for U.S. users called on-demand passwords. Instead of keeping a single password in your memory or a password manager like LastPass, Yahoo will send a one-time login code to your mobile phone every time you want to sign-in to your Yahoo account.
To get set-up, log in in to Yahoo.com and from the account management page select Account security. Then in the main part of the page, select On-demand password. Next, Yahoo will ask you to enter your phone number to send you a verification code. Once you verify that you are receiving codes, each time you attempt to sign in to your Yahoo account you’ll now see a send my password button.
The impact on you at home: If you don’t use a password manager and use the same password for multiple accounts, on-demand passwords could be a blessing. The new feature removes the burden of creating and remembering a password. All you have to do is make sure your phone is charged and has a signal when you need to sign into a Yahoo site. Yahoo didn’t address how you might get online if you’re somewhere that has Internet access, but no cell signal—such as in-flight—but it’s an interesting approach to killing passwords that is fairly simple to use once you’ve signed up.
Yahoo also provided an update on its end-to-end GPG email encryption plugin that the company first announced in August. In a video posted to YouTube, Yahoo shows its new plugin in action with a side-by-side comparison of getting up and running with GPGTools, an encryption suite for Mac OS X desktops.
In the video, Yahoo Mail’s encryption plugin looks relatively simple to use and should make encryption easier for anyone that wants the functionality. Yahoo says the plugin should be available to all users by the end of 2015.