Yahoo Wants to Remove Passwords, But Is That Really Wise?
Recently, Yahoo announced that they will introduce a new feature called on demand passwords which will no longer require the users to memorize passwords. Basically, what this means is that all you will have to do is request a temporary password and Yahoo will generate one for you then send it as a message to the device connected to the account. If you choose to use this option, instead of having to deal with remembering and keeping your password safe, all you'll have to do is make sure that no one steals or borrows your phone.
At the moment, this feature only works for people from the United States, but if everything works out as planned, it will soon be expanded to other parts of the world. If you want to activate it, all you have to do is go to your Yahoo account settings, select the on demand passwords option, provide your phone number and then confirm it by providing the code that you receive via a text message. Once this function is activated, the Yahoo log-in screen you will have a send my password button instead of the box where you would usually type your password.
Even though this idea seems like a step in the right direction, I'm not totally convinced that the solution Yahoo came up with is actually better from the security standpoint. In my opinion, this procedure won't be much faster than when you use the two-factor authentication system but instead of having to compromise two devices, a hacker will once again only need to attack one of them. Besides, it's much more difficult to steal a password from someone's head than a smartphone from a jacket or purse.