Yahoo’s new on-demand password system is no replacement for two-factor authentication

In an effort to simplify authentication for its services, Yahoo has introduced a new mechanism that allows users to log in with temporary passwords that are sent to their mobile phones.

If this sounds like a two-factor authentication system where users need to provide one-time codes sent to their mobile phones in addition to their static passwords, it’s not. Yahoo already had that option.

Instead, the new log-in mechanism, which is based on what Yahoo calls on-demand passwords, still relies on a single factor, the user’s phone number.

Yahoo users—only those based in the U.S. for now—can turn on the new feature from their account security settings on Yahoo’s site. They will need to provide a phone number and then confirm that they have access to it by inputting a verification code sent to them via SMS.

To read this article in full or to leave a comment, please click here

Read more: Yahoo’s new on-demand password system is no replacement for two-factor authentication

Story added 16. March 2015, content source with full text you can find at link above.