Yahoo Joins Race to Eliminate Passwords
2015 will go down in history as the moment we finally realised the importance of online security. Both businesses and individuals have been affected and we all know somebody that has suffered a security breach of some kind.
The more proactive online users have investigated how they can protect their growing number of online accounts. They quickly learned that their passwords should be longer, include numbers to disguise words, at least one capital letter and even symbols such as ?!$%. Even this is not enough, and every online account must have a unique password that should never be written down anywhere other than a secure password safe.
Finally, we should also add two-factor authentication security just for safe measure. This is fantastic advice, but not too hard to see why many do not follow these strict guidelines and deem them unrealistic for everyday use both in and outside of the office on a myriad of devices.
Yahoo came of age and celebrated its 18th birthday by offering an antidote to this modern first world problem by announcing that they will be replacing the ageing passwords feature from their email service and replacing with their Yahoo Account Key feature which sounds much more plausible than replacing passwords with selfies.
Passwords are usually simple to hack and easy to forget – Dylan Casey, vice president of product management at Yahoo.
Some of the greatest technology innovation comes from brave and daring individuals who decide to tear up the rule book and question the tired old processes that we blindly follow without even questioning. I would have loved to have been in the brainstorming meeting and pitch to the Yahoo CEO when the phrase “we want to remove passwords…please stick with me for a minute” was uttered.
The concept is simple and allows users to sign into their email accounts by pressing on a notification sent to their smartphones instead of by typing in the traditional password of old. Should the unthinkable happen and you lose your phone, users can use the app’s settings to access their Yahoo inbox from another device.
It’s also more secure than a traditional password because once you activate Account Key – even if someone gets access to your account info – they can’t sign in.
Critics have been quick to ask what will happen if you find yourself in an area with a wi-fi connection, but no mobile signal to receive an SMS message. Those who do not lock their phones (you know who you are) could be at risk from nosey friends or spouses who could access their inbox by quickly grabbing their phone when they leave the room.
Meanwhile, conspiracy theorists might suggest that Yahoo are using smoke and mirrors to capture your mobile number to sell to the highest bidder and bombard their users with promotions to products they don’t want or need.
Although the Yahoo password feature has more than a few flaws, it certainly sounds more appealing that the rumoured stomach or brain implant that PayPalwere reported to be working on. The most important aspect of these recent announcements is the realisation that our current methods of authentication are broken and not realistic when managing multiple accounts on a daily basis with our busy lifestyles. After all technology was supposed to make our lives quicker, easier and simpler, right?
We are now all heavy online users and often do not realise just how much of lives is stored on that smartphone sitting in our pockets. However, we all increasingly recognise the importance of increasing our security, but equally the importance of making it easier to use for everyone.
We need to look at alternatives and move away from the ‘we have always done it this way’ mentality. Biometric scanning was initially thought to kill off passwords. However, the discovery that even iris scanners can be fooled by high-quality images of an iris and we have all seen that movie where somebodies finger is cut off to access the security system, which might be unwittingly slowing down our enthusiasm.
The recent moves by Apple and Yahoo suggest the writing is on the wall for the humble password. In the near future, I wonder if we will only be able to access our online accounts from a trusted list of our devices. This should pave the way for everyone to use a stronger two-factor authentication to ensure our accounts can only be accessed by the equipment we use, but most importantly signal the end for passwords.
While busy trying to create an environment inspired by our science fiction movies, maybe the future of security is not about biometrics or implants, but just a simpler and easier way for us to manage our accounts and the devices we access them from.