SAN FRANCISCO - Yahoo's next step in password security is to eliminate them altogether. Starting on Thursday, the company announced, users of the Yahoo Mail app on both iOS and Android will have access to a new service called Yahoo Account Key, which uses smartphones to verify identities in lieu of traditional passwords. Here's how it works: When users who sign up for Account Key try to access Yahoo Mail, they will no longer need to enter their password. Instead, the Account Key service will send a message to the smartphone connected to the account. With a tap on yes or no, users can indicate it is a legitimate attempt to get into the account or deny unauthorized access - See more at: Yahoo aims to phase out passwords with new service | SciTech | GMA News Online
Seems Silly to me, is this what they call progression or are they going to start selling Smart Phones?
Silly to get rid of the passwords. They should use the key authentication as an optional secondary measure of security. Not everyone has a smart phone and it can be a hassle if you don't have your smart phone on you. On top of that if your smart phone gets stolen you have to spend quite a bit of time deactivating the authentication keys (giving the person who stole your phone plenty of time to change all your alternate verification methods). Many other websites, including this forum, have already implemented this two step verification method....and all of them still allow password available. So then maybe they should just go with 2-step verification. If I can figure out how to set it up surely the IT experts at Yahoo can.
When all these companies can secure their own servers from hackers, until then leave the system as it is.
It's impossible to completely secure a server. Leaving things as they are only allows hackers to find more back-doors. You have to constantly upgrade and change your security measures to keep unwanted people out....though the idea mentioned here seems like a step backwards. I'd guess the way that most people get their account "hacked" into is by fishing attacks. The average end-user needs to stop being so gullible and stop using easy passwords to guess (and stop using that same ridiculously short/easy password for every website they have an account at) if they really want their accounts to be secured.
