Yahoo already offers two-step verification, but has decided to introduce a new approach with on-demand passwords for connecting to an online account. The objective sought is that of a simplification for the user who could find it difficult to remember his password. " Never have to remember your password again. "
In practice, this approach is basically verification in two stages … without the first stage. As with two-step verification, the user receives a unique and punctual code on their phone when they want to connect. But logging in does not require the first step of entering the permanent password.
On-demand passwords are currently available to Yahoo.com users in the United States. They must connect to their Yahoo account using the usual password, then activate passwords on demand in the security settings and save their phone number. The next time you try to connect, the input field for the password will be replaced by a button for sending the password on demand.
With on-demand passwords, a Yahoo official talks about the " first step towards eliminating passwords ". This time it does not use biometrics even if it can be assumed that associating passwords on demand with a hint of biometrics would be a safer solution. The loss of a smartphone arrived so quickly…
Yahoo also announced that for Yahoo Mail, end-to-end email encryption will be available by the end of the year via a plugin whose source code is on GitHub. It allows to use, in a simple way for the Net surfer, OpenPGP encryption.
This is the work started from the extension for Chrome called End-To-End that Google unveiled last year. Yahoo said it wanted to use the End-to-End code to provide a modified and compatible version for Yahoo Mail.
As we had already mentioned, this end-to-end encryption will be reserved for certain emails deemed sensitive. Only the body of the message will be encrypted and only visible to the sender and the recipient. However, the subject, the recipient's name and other metadata will not be encrypted.