LONDON: Yahoo unveiled plans to introduce one time passwords that it would deliver via SMS. Commentators were concerned about the security implications of this offering, seeing it as a plus for user experience but a major minus for security.
Its very hard to understand Yahoo CEO Marissa Mayer‘s reasons for doing this maybe usage is waning and she’s decided that ease of access is the trump card that will turn that around. Either way, it seems a giant step backward for Yahoo and its customers.
Yahoo seems to be in damage control mode today. Yahoo was keen to articulate its focus on user safety, yahoo stated.
“We’re committed to our users’ safety and recently introduced on-demand passwords in part to ensure our users’ accounts are as secure as possible. When a user creates their own password, they often: 1) don’t make it sufficiently complex, 2) use the same password across multiple sites, and 3) use simpler passwords that are easier to enter on their mobile device. On-demand passwords are generated on a one-time basis and sent via SMS to the users’ verified mobile number (and eventually via App notification). On-demand passwords make life easier and more secure for our users by relieving them of the responsibility of creating a password that is at once difficult to guess, unique to one site and still memorable”.
Yahoo also had some specific responses to some criticisms raised. They pointed out several areas that they were working on or had alternative answers to.
