BEST OF THE WEB

Yahoo to experiment with one-time passwords for accounts

Two-factor authentication is increasingly being used to ensure safer logins to popular email and social media sites.

The latest refinement comes from Yahoo, which has offered a version of TFA for about a year to its email susbscribers which sends a coded number to a smart phone that has to be entered to confirm a user’s identity.

On Sunday it announced a refinement for American subscribers: For greater security it will text a one-time password to a smart phone, so users won’t have to remember a (hopefully) complex series of letters and numbers to login.

Presumably if U.S. subscribers warm up to the idea it will be rolled out to other countries.

There are several problems with the idea, which are the same one for any second-factor ID sent to a mobile phone: First, what if the phone isn’t with you or you don’t have wireless access when you’re trying to log in? Pretend for a moment you’re trying to use a hardwired PC in a hotel business centre but your spouse has your phone. Or your phone can’t get a signal. from inside the building.

Second, it assumes your phone can only be used by you because there’s a login password needed on the device. And, what’s more important, that you haven’t configured your phone to display incoming texts regardless of the screen lock. If your phone is stolen and the thief knows your Yahoo username and then sees the one-time password, you’re cooked.

Still it is an improvement, and every step that betters security is welcome.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web