We all know that many users have the same, weak password for most of his or her accounts. Plenty of password services have popped up to help us maintain strong, unique passwords, but not everyone is onboard with these programs. Now Yahoo is taking a stab at helping Joe Q. Public with his password problem with “on-demand passwords” and is touting an upcoming end-to-end (e2e) encryption plugin for Yahoo Mail.
The new feature sends a text message to your phone with a unique, strong password whenever you log into your Yahoo account. The idea is that, so long as you have your phone, you don’t have to bother trying to remember your password, and you won’t be using the same password you used when you responded to that grammatically challenged email alerting you to a “problem” with your account.
You can enable the service in Yahoo’s Account Security section. Once you enter the verification code sent to your phone, you’re good to go. Of course, you’ll need to have your phone handy when you log into your Yahoo account. The good news is that Yahoo doesn’t give any indication that you’ll need to sign in more often as a result of using the on-demand passwords.
Yahoo’s new password program is intriguing, although, anecdotally, none of my Yahoo-using friends seem likely to use on-demand passwords. People who have weak passwords usually aren’t looking for ways to improve the strength of their passwords, in my experience, but you have to give Yahoo credit for making tool like this available.
The e2e encryption plugin is meant for communications that you absolutely need to keep private and are willing to take some extra steps to do so. Yahoo used the example of someone in a country that doesn’t respect free speech, or someone who wants to send tax documents to an accountant.
Still, it’s hard to tell whether the upcoming service will provide the security users want. Subject lines will still be accessible and data about who sent the message (and when) won’t be hidden, either.
There’s no shortage of reasons to want e2e, but whether Yahoo! has come up with a true solution remains to be seen: it won’t have the service ready until the end of this year.