Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo Debuts End-To-End Encryption Email Plugin, Password-Free Logins

Posted by Soulskill on from the from-one-end-of-the-internet-to-the-other dept.

An anonymous reader writes: Yahoo has released the source code for a plugin that will enable end-to-end encryption for their email service. They're soliciting feedback from the security community to make sure it's built properly. They plan to roll it out to users by the end of the year.

Yahoo also demonstrated a new authentication system that doesn't use permanent passwords. Instead, they allow you to associate your Yahoo account with your phone, and text you a code on demand any time you need to log in. It's basically just the second step of traditional two-step authentication by itself. But Yahoo says they think it's "the first step to eliminating passwords."

8 of 213 comments (clear)

  1. BS by Anonymous Coward · · Score: 2, Insightful

    End to end encryption with sending the code over an unsecure SMS so that the NSA can decrypt it anyway.
    Nice.

  2. *facepalm* by thegarbz · · Score: 4, Insightful

    Yahoo needs to understand that the purpose of 2-factor authentication was not to replace passwords, but rather to ... provide a second factor of authentication.

    Remember ideally:
    1. Something you know
    2. Something you have
    3. Something you are

    Each is no more secure than the other, but together they form a far stronger system than any individual component.

    1. Re:*facepalm* by mwvdlee · · Score: 4, Insightful

      Wouldn't this ideally be presented as a choice to users?

      1. I don't care who reads my email; use either password or SMS only.
      2. I care only slightly who reads my email; use two factor authentication.
      3. My email is actually of some importance; choose a different email provider.
      4. My email contains sensitive information; cancel all my email accounts.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  3. To the second point by XB-70 · · Score: 4, Insightful
    Fuck Yahoo! This is just a sleazy way to collect phone numbers and associate them with email addresses.

    What if your phone is dead/stolen and you desperately need to get a message out? You're fucked.

    NOTE: They just killed Yahoo! Profiles. In short, they are collecting data for themselves while making it harder and harder for Yahoo! users to search each other out.

    --
    *** Don't be dull.***
  4. Re:I hope... by circletimessquare · · Score: 4, Insightful

    you can't make people care

    there will be plenty that just don't care about privacy

    there will be plenty that don't care and they're right: their online life is shallow crap

    there will be plenty that don't care and they're wrong: their online info is used against them

    some small fraction of the latter group will make an effort to correct that problem

    this is, and always will be, a small percentage of people online

    and honestly: it's not a problem. most people just aren't that interesting

    if you want to spin frightening scenarios of government knowing everything about them, advertisers profiling their lives in every detail, the ease at which their finances and physical location can found in a snap, etc... they still won't fucking care

    welcome to reality

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  5. Re:security by Anonymous Coward · · Score: 3, Insightful

    With phones becoming primary form of email access for many, two-factor that relies on phone defeats the purpose.

  6. Re:No Phone by Torp · · Score: 3, Insightful

    I have one, but I don't *trust* Yahoo with it. The moment i won't be able to log in without my phone is when I give up on their services...

    --
    I apologize for the lack of a signature.
  7. Let's tie my comm links unseparably together by gsslay · · Score: 4, Insightful

    Oh no, my phone is dead/stolen! Better email people and tell them not to phone me and I'll be reachable by email.

    Just need to log into my email and ... ... shit...