Passwords can be a tricky thing, and even password management services are susceptible to hacks. Two-factor authentication helps, but you still need to remember a password to get started. Yahoo thinks the best way to deal with passwords is to get rid of them entirely. The company has revealed its Account Key service, which it explains with one of the least interesting YouTube videos ever produced.
If you're one of the millions of people that carry their smartphones with them all the time, Account Key seems pretty simple. When a user signs into a Yahoo account with the service enabled, Account Key sends a push notification to the Yahoo Mail app on the phone to ask if you're trying to log in. Answering "no" will block the attempt.
Yahoo Mail isn't the only app getting Account Key support. The company says that the rest of its phone apps will be updated to support the security method with time. We tried it out with Yahoo Mail on iOS, and after a minor hiccup in the setup process, it seemed to work smoothly. After entering the username on a PC, the phone displayed the alert, and answering in the affirmative granted access.
Between the passwords and phone messages that most two-factor authentication services employ, the phone may be the more secure part of the equation, so we think this could be a simple and effective security method. Yahoo says two-factor authentication isn't going away, though, so users aren't going to be forced to change.
Symantec security manager Satnam Narang told Reuters that Yahoo's solution is "a step above a password," but he doesn't think passwords are going away any time soon. "They're so ingrained in everything we do from banking to email to shopping, you name it," Narang said. He encourages users to adopt a password management service if they haven't already.