Yahoo's Password-Free Login Has Its Own Set Of Problems

Yahoo has a new system to address password security, but it might just be replacing one vulnerability with another.


Yahoo wants to do away with passwords to improve security, but its new system has its own set of flaws. 

Yahoo has unveiled "on demand" passwords, a system that works by sending a unique, time-sensitive code to your phone through a text or app when you want to log in.

It sounds a lot like the existing two-factor authentication process, which is considered a strong alternative to traditional passwords. But Yahoo's "on demand" system is missing the step where users type in their primary password first.

And the old password has its critics. Once online thieves crack a password for one account, like email, they can usually gain access to a lot of other private information. 

But the added security comes at the cost of convenience. Many people use email constantly, so having to log in via your phone to check your inbox on a computer could turn into a bit of a hassle.

There is also the issue of a lost or stolen phone: whoever has it could easily gain access to the on-demand password needed for a Yahoo email account.

However, for a traditional password to be hard to crack, it needs to be complicated. So Yahoo's alternative removes the need to remember another string of letters and numbers.

Cybersecurity has become a hot-button issue for the tech industry. Industry leaders like Sony and Apple have both suffered from high-profile vulnerabilities recently, and many companies are looking for new ways to tackle weak passwords.

While Yahoo's solution certainly doesn't fix the password problem, the company admits it is just "the first step to eliminating passwords."

UPDATE: In a statement, a Yahoo spokesperson told us: “We’re committed to our users’ safety and recently introduced on-demand passwords in part to ensure our users’ accounts are as secure as possible. When a user creates their own password, they often: 1) don’t make it sufficiently complex, 2) use the same password across multiple sites, and 3) use simpler passwords that are easier to enter on their mobile device. On-demand passwords are generated on a one-time basis and sent via SMS to the user’s verified mobile number (and eventually via App notification). On-demand passwords make life easier and more secure for our users by relieving them of the responsibility of creating a password that is at once difficult to guess, unique to one site and still memorable.”
