It’s no secret that governments around the world are doing their best to snoop on civilian communications. Intelligence organisations like the NSA and CIA have tried everything, from infecting hard drive firmware to targeting popular mobile devices. Since Edward Snowden’s reports about government surveillance, technology companies have started boosting privacy measures to protect users and regain their trust.
Back in June 2014, Google announced a Chrome plugin to provide end-to-end encryption for Gmail users. Yahoo also announced that it was working on a version of Google’s plugin for Yahoo Mail users. Just recently, Yahoo showed off the company’s progress on end-to-end at the SXSW festival in Austin, Texas and introduced a new, password-free login system.
Security vs. Usability
Yahoo Demos Password-Free Logins and End-To-Encrypted EmailMost users are reluctant to adopt strong online security measures since that often means sacrificing ease-of-use. For instance, most tech companies now support two-factor authentication, which adds an additional one-time password to your account that can only be obtained from your mobile device. While this method of authentication is significantly more secure, it also slows users down since it adds an additional step. Yahoo hopes that it can find a perfect balance between security and usability with its new authentication system.
“We’ve all been there…you’re logging into your email and you panic because you’ve forgotten your password. After racking your brain for what feels like hours, it finally comes to you. Phew!
Today, we’re hoping to make that process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them. You no longer have to memorize a difficult password to sign in to your account – what a relief!”
Yahoo’s “on-demand passwords” allow users to always have a strong, ever-changing password that they don’t need to memorize. While this is inherently less secure than two-factor authentication, on-demand passwords may just strike the perfect balance between convenience and security. The only problem would be if a user were to lose his/her mobile phone.
The on-demand passwords feature is available today for U.S. users to try. However, that’s not the only new security feature from Yahoo. The company has also demoed its end-to-end plugin, which Yahoo hopes to have ready for the public by the end of the year.
Yahoo’s end-to-end encryption system is a lot more user-friendly than traditional methods like GPGTools. However, it still may not be as convenient as sending a regular email, and the company doesn’t expect users to use end-to-end for everything. As Yahoo’s security chief Alex Stamos told the Washington Post, the majority of users’ emails would still remain unencrypted. Users would only encrypt emails containing particularly sensitive information.