Saturday 21 March 2015

Yahoo, Microsoft crafting password alternatives

SAN JOSE, Calif. – Tired of trying to remember a different password for each of your online accounts? Or worried about reusing the same password too many times? You’re not alone. Tech experts agree that traditional passwords are annoying, outmoded and too easily hacked.
This week, Yahoo and Microsoft offered up some alternatives: Yahoo says it can text temporary passwords to users’ phones each time they want to sign into their Yahoo accounts. Microsoft says it is building facial-recognition and fingerprint-identification technology into Windows 10, the new computer operating system coming this summer, so users can log on with their fingertip or face. The two approaches drew different reviews.

New day, new password

Convenience and security. That’s what Yahoo is promising users who choose to receive a single-use password “on demand” – sent by text message to their mobile phone each time they want to sign into their Yahoo account. Once you opt into the program, there’s no more need to create or memorize a password for Yahoo’s email or other services.
Not a good move, experts say.
“Yahoo just made it easier for attackers to compromise an account,” said Tim Erlin, risk strategist for the cybersecurity firm Tripwire. Temporary passwords can fall into the hands of anyone who steals your phone. While most phones can be set to require a separate password to unlock the home screen, many people don’t bother to do so. Phones can also be infected with malware that intercepts or copies text messages, he said.
Though it may be convenient, Erlin said, Yahoo’s on-demand option is a step backward from another alternative the company offers, known as two-factor authentication.
Yahoo security chief Alex Stamos agrees that two-factor authentication is stronger. But many people don’t use it, he said in an online post defending against critics. Instead, people too often recycle short passwords that are easier to type, especially on small phone screens, but also easy for hackers to guess, he said.
Since most online services let users reset passwords by sending a text or email to their phones, users are already vulnerable if they lose their device, Stamos argued.
“The truth is that passwords are so incredibly, ridiculously broken that it is almost impossible to keep users safe as long as we have any,” Stamos wrote on his Twitter account. He said Yahoo is working on other solutions.
Read more Click here / www.advante360.com 

No comments:

Post a Comment