SAN FRANCISCO -- Yahoo knows users hates passwords, and that’s why the company is introducing an option to stop using them. The new feature is called Account Key and will let users log in to their Yahoo Mail accounts by simply pressing a notification on their smartphones.
Account Key is one of the first major steps the tech industry is taking toward ending the use of passwords, a practice that many cybersecurity experts say has become outdated and offers little protection against hackers, especially since many individuals online still use passwords as simple as “12345.”
“Account Key just represents a potential where there’s no memorized passwords,” said Jeff Bonforte, Yahoo senior vice president of communications products. “Account Key is super simple and when you use it, it is incredibly fast and seamless.”
Yahoo is introducing Account Key as part of a major update to Yahoo Mail, rolling out to Apple iOS and Android users Thursday. Those who opt-in to use Account Key will receive a push notification on their smartphones or an email any time they want to log into their Yahoo account from a new device. The feature is also set to work with Apple Watch.
How It Works
When Apple iOS users download the latest version of the Yahoo Mail app, they’ll be able to opt-in to use the Account Key feature by tapping on the human icon found at the top of the screen and then tapping on the key icon that comes up. Android users can opt-in by tapping on the app’s sidebar and then choosing the key icon. On the next screen, users will begin an onboarding process where they will register their device for the Account Key feature.
After set-up is complete, users will only have to type in their Yahoo Mail addresses when logging in from a new browser or device to prompt the Account Key log-in process. Yahoo will send a push notification to their smartphone where they can simply hit “yes” to allow the new login. If users tap the notification they’ll be taken to a screen with more detail, such as what type of device is trying to log in and where in the world they are signing in from. If the log-in attempt is not theirs, users have the option of denying access.
For those wondering what happens if your smartphone gets lost or broken, Yahoo has a backup plan built in. When setting up Account Key, Yahoo requires users to put down an alternative email address, such as Gmail or AOL, or an alternative phone number. If users misplace their smartphone they can use that second email address or phone number to let themselves back into their Yahoo accounts. As extra backup, users can also list multiple email addresses, said Dylan Casey, Yahoo vice president of product management, who lead the development of the feature.
Small Step For Yahoo, Major Leap For Cybersecurity
Yahoo is calling Account key “the first step toward a password-free future,” and that’s because you’ll still need to have a password. Yahoo is the first major email service to test a password-less login at such a grand scale, and the company is making sure to ease into the process rather than dive in. That’s because there are still many users without smartphones, because the company says users need to be eased into such a drastic shift and because the tech world has yet to see how hackers will attack this new type of log-in.
But don’t be surprised if other major email services like Google Gmail and Microsoft Outlook adopt similar technology should Account Key proof to be popular and a secure way to log in to one’s accounts. At launch, Account Key will work with Yahoo Mail, but the Sunnyvale, California, company plans to extend the feature to all of its apps later this year and eventually stop using passwords altogether.
For now, anyone who signs up for a new Yahoo acount will still need to create a password -- they won't be able to opt directly into using Account Key, "but that's coming," Casey said. "This was the first step."