Slashdot Mirror


Yahoo Debuts End-To-End Encryption Email Plugin, Password-Free Logins

An anonymous reader writes: Yahoo has released the source code for a plugin that will enable end-to-end encryption for their email service. They're soliciting feedback from the security community to make sure it's built properly. They plan to roll it out to users by the end of the year.

Yahoo also demonstrated a new authentication system that doesn't use permanent passwords. Instead, they allow you to associate your Yahoo account with your phone, and text you a code on demand any time you need to log in. It's basically just the second step of traditional two-step authentication by itself. But Yahoo says they think it's "the first step to eliminating passwords."

42 of 213 comments

  1. I hope... by AlCapwn · · Score: 4, Interesting

    I hope that if the recipient gets an encrypted email, it shoves the plugin down their throat. Maybe that way people will start adopting encryption.

    1. Re:I hope... by circletimessquare · · Score: 4, Insightful

      you can't make people care

      there will be plenty that just don't care about privacy

      there will be plenty that don't care and they're right: their online life is shallow crap

      there will be plenty that don't care and they're wrong: their online info is used against them

      some small fraction of the latter group will make an effort to correct that problem

      this is, and always will be, a small percentage of people online

      and honestly: it's not a problem. most people just aren't that interesting

      if you want to spin frightening scenarios of government knowing everything about them, advertisers profiling their lives in every detail, the ease at which their finances and physical location can be found in a snap, etc... they still won't fucking care

      welcome to reality

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    2. Re:I hope... by Anonymous Coward · · Score: 2, Funny

      Burma Shave?

    3. Re:I hope... by circletimessquare · · Score: 3, Funny

      so

      don't read

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    4. Re:I hope... by AmiMoJo · · Score: 2

      Plugins are the wrong way to implement this. Plugins for browsers are generally a bad idea, and need extensive sandboxing to even begin to be secure.

      There are pure Javascript implementations of public key crypto, but what it really needs is a new standard that browsers can adopt to support it. That could be extensions to Javascript or it could be something else, but a Yahoo specific plugin isn't the way to go.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:I hope... by CronoCloud · · Score: 2

      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA256

      Considering that very few slashdotters in this discussion have PGP keys posted to slashdot..... I don't think that's too likely.

    6. Re:I hope... by CronoCloud · · Score: 3, Informative

      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA256

      The real problem is that people are using web browsers to read their e-mail instead of a proper e-mail client that already supports the existing standards of pgp and s/mime. This yahoo plugin is actually based on google's code for an end to end plugin. It implements pgp.


    7. Re:I hope... by The+Grim+Reefer · · Score: 2

      Adam West, is that you? Or William Shatner?

    8. Re:I hope... by mlts · · Score: 4, Interesting

      This is a solved problem, although by a commercial solution. Symantec's Encryption Desktop (formerly PGP desktop) allows one to either decrypt/check signature and view what is on the clipboard or decrypt/check signature and view what is in the current window.

      We don't need a Web browser plugin. This is like drilling a hole in a boat that has one hole already in it, expecting the water to drain out.

      Instead, we need something with functionality similar to SED that is completely standalone from other applications and functions completely independent of the Web browser. This is tougher than it sounds. GPG4Win is a good effort, but it does not come anywhere close to the ease of use that SED has. Macs and Linux have decent utilities like GPGTools (which was pictured.) If PGP decryption is put into something, it should not be part of a Web browser, but should be in the MUA. Web browsers should have as little running as possible, just so they have as small an attack surface since they are the biggest frontline for computer compromise these days.

      The beauty about the OpenPGP spec is that it is completely independent of any transport mechanism, be it Slashdot posts, E-mail, MMS, AIM, Facebook's PM, or a file saved to a ZIP drive. Tethering it to a protocol can easily render a quite secure system extremely insecure, if only for the fact that a specific program or browser extension would be needed for the decryption.

      Ideally, fetching E-mail via the Web should be more of an item of last resort, where one is using another machine. A high quality MUA (Thunderbird, Mail.app, Outlook, even mutt) is a lot more secure than a Web browser.

    9. Re:I hope... by DarkOx · · Score: 2

      JavaScript is not a solution to this problem. To use PKI effectively you MUST trust the client. You can't trust the client if it's being sent to you from one of the men in the middle "Yahoo" every time you use it.

      All it takes is for any of the following to happen and you are boned.

      1) Someone SE's a CA or obtains a Yahoo.com Certificate by some other method, national security letter, hack of yahoo etc, then MITMs you and Yahoo

      2) Somebody hacks Yahoo and is able to alter the content on their web servers

      3) Yahoo complies with some third party request of some kind.

      In all of these cases someone can simply change the JS implementation to send them the content or send them the keys, and your browser won't blink. It won't tell you anything has happened.

      At least with a plugin you are aware when you are asked to update it etc. I am not aware of any current browser that will just update a plugin without asking. So if you are sufficiently paranoid to say, "this could possibly be fishy I am going to not check my mail right now and make sure the same thing happens on a better secured host and edge network someplace else" you might be spared. It's still not a good system though.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    10. Re:I hope... by unrtst · · Score: 2

      The real problem is that people are using web browsers to read their e-mail instead of a proper e-mail client that already supports the existing standards of pgp and s/mime. This yahoo plugin is actually based on google's code for an end to end plugin. It implements pgp.

      The problem is that the browser+javascript is the most ubiquitous platform around. It is also FAR more convenient to use.

      I'd love to see a decent FOSS webmail application that supports encryption. The only options that exist right now are pretty weak compared to something like GMail.

      I get the feeling that very few people understand the problem here.

      Both pgp/gpg and s/mime require ownership of a public/private key pair.
      True, all the algorithm stuff for signing and encryption has already been implemented in javascript, but it's all useless without the keys.
      How do you store and access those keys safely and securely from a web browser? That's what most of the existing webmail plugin solutions for pgp/gpg/smime do - they just provide a local keystore and make that available to the js methods to do the work.

      Right now, you can't do S/MIME in a webmail app without a plugin.

  2. That's great if you have a mobile phone by dixonpete · · Score: 5, Informative

    I don't. I tried to sign up with Yahoo a few weeks ago and got cockblocked by this. They required a mobile number.

    1. Re:That's great if you have a mobile phone by Anonymous Coward · · Score: 2, Informative

      The mobile number is just used to ensure two channels to the client, preventing a third party from sniffing both parts of the initial key. This is a very standard way to ensure that the encryption is actually secure. I would be more nervous if they DIDN'T require a mobile number (or secondary channel)

    2. Re:That's great if you have a mobile phone by itzly · · Score: 3, Interesting

      If the phone number is exchanged on a compromised channel, it can still be attacked by a man in the middle.

    3. Re:That's great if you have a mobile phone by gl4ss · · Score: 2

      why would you do it in a way where interception of the initial communication would compromise anything? the client program can have the cert included so mitm would set off alarms, so to compromise it the initial client delivered to the handset would need to have been compromised, in which case you would be fucked anyways?

      you know why they want the phone number and so does pakistani government..

      --
      world was created 5 seconds before this post as it is.
    4. Re:That's great if you have a mobile phone by mordjah · · Score: 3, Interesting

      uhm.. no it's really not.. you can purchase prepay sims that work as mvno (second class citizen, but no id) over the counter for 20 bucks or so.. no id needed.

      --
      "A mind reader? That sounds like sci fi." "Honey, we live on a space ship"
    5. Re:That's great if you have a mobile phone by BradMajors · · Score: 2

      Their real goal is to prevent anonymous accounts. If they have your cell phone number they know who you are.

  3. BS by Anonymous Coward · · Score: 2, Insightful

    End to end encryption with sending the code over an unsecure SMS so that the NSA can decrypt it anyway.
    Nice.

  4. *facepalm* by thegarbz · · Score: 4, Insightful

    Yahoo needs to understand that the purpose of 2-factor authentication was not to replace passwords, but rather to ... provide a second factor of authentication.

    Remember ideally:
    1. Something you know
    2. Something you have
    3. Something you are

    Each is no more secure than the other, but together they form a far stronger system than any individual component.

    1. Re:*facepalm* by itzly · · Score: 4, Informative

      I'm sure Yahoo understands this. But who wants to go through the hassle of two factors of authentication (including using a unique and difficult password) every time they want to read an e-mail ?

      What they are trying to do is find a way to provide good enough security that people will actually use.

    2. Re:*facepalm* by mwvdlee · · Score: 4, Insightful

      Wouldn't this ideally be presented as a choice to users?

      1. I don't care who reads my email; use either password or SMS only.
      2. I care only slightly who reads my email; use two factor authentication.
      3. My email is actually of some importance; choose a different email provider.
      4. My email contains sensitive information; cancel all my email accounts.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    3. Re:*facepalm* by itzly · · Score: 3, Informative

      Wouldn't this ideally be presented as a choice to users?

      Except for option 2, Yahoo offers those choices.

    4. Re:*facepalm* by thegarbz · · Score: 3, Interesting

      Passwords don't need to be unique or difficult. That's just stupidity created by people with overly aggressive password policies. If someone is going to go to the effort of using the "Something you have" route for authentication then the "something you know" is not a lot of extra effort especially if we can do away with the stupid 8+char+number+capital+symbol+unique_unicode_char_not_typable_by_a_normal_keyboard bloody combinations.

      You instantly become resistant to brute forcing attempts with 2 factor authentication. The password doesn't need to be batteryhorsestaple if the max password entry rate is a password every 10 seconds. Simply horse would do. Heck Aardvark is probably sufficient too because who in their right mind would dictionary attack a password that slowly.

    5. Re:*facepalm* by disposable60 · · Score: 3, Interesting

      Out in the boonies, or in a reception-poor building in the 'burbs, SMS can take literal days to get through.
      That would be an inconvenience up with which I would prefer not to put.

      Now, an app that works like one of those SecureID fobs, so I'm not dependent on the vagaries of wireless reception? That would be pretty cool.

      --
      You're looking for quotes? See my journal.
    6. Re:*facepalm* by chihowa · · Score: 3, Interesting

      That's the purpose of "two-factor authentication", but not the purpose of any single factor. Yahoo is replacing the single factor "something you know" with "something you have", which is possibly an upgrade in security.

      The factors themselves aren't equivalent in terms of security. "Something you have" is much easier for a normal person to secure than "something you know". That's why houses and cars use keys and office buildings use keycards and not codes. People (on average) are pretty decent at holding onto their phone and horrible at keeping their password safe (even if they pick a good password, which they won't).

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    7. Re:*facepalm* by mlts · · Score: 4, Interesting

      Another idea that comes to mind is to use a feature that all web browsers have had for over 10 years (even Lynx) -- client certificates.

      This way, on setup, the website asks the user if the current client certificate presented is the one he or she wants to use, then from there on, authentication is completely transparent.

      It goes without saying to have SMS as a backup, but the absolute easiest way to authenticate on a "known good" computer is to have a client cert.

  5. To the second point by XB-70 · · Score: 4, Insightful

    Fuck Yahoo! This is just a sleazy way to collect phone numbers and associate them with email addresses.

    What if your phone is dead/stolen and you desperately need to get a message out? You're fucked.

    NOTE: They just killed Yahoo! Profiles. In short, they are collecting data for themselves while making it harder and harder for Yahoo! users to search each other out.

    --
    *** Don't be dull.***
    1. Re:To the second point by Himmy32 · · Score: 2

      Doesn't make it any less sleazy for them to do it.

  6. They should adopt SQRL by mrlinux11 · · Score: 5, Interesting

    SQRL completely eliminates the need for passwords https://www.grc.com/sqrl/sqrl....

  7. Re:security by Anonymous Coward · · Score: 3, Insightful

    With phones becoming primary form of email access for many, two-factor that relies on phone defeats the purpose.

  8. A secure SMS ? by lolop · · Score: 2

    As SMS are far from secure, they just transmit the key access to your emails as readable by [nsa]body.

    --
    -- Laurent Pointal
  9. Re:Metadata by Comboman · · Score: 2

    Sure there is. All you have to do is use steganography to encode your message into a photo, then use that photo in what looks like a spam email message, then pretend your computer is taken over by a botnet and send the spam to a few thousand email addresses (including the one you actually want to send to). Absolutely no useful metadata there.

    --
    Support Right To Repair Legislation.
  10. Re:This is likely bad news.... by CronoCloud · · Score: 2

    I checked out the link, there was no mention of what kind of encryption they will be implementing.

    Actually, one link directly says what kind of encryption:
    https://github.com/yahoo/end-t...

    Use OpenPGP encryption in Yahoo mail.

    Yahoo End-To-End
    A fork of Google's End-to-End for Yahoo mail.

    and the other link shows it in action:
    http://yahoo.tumblr.com/post/1...

    If you watch the gif, you can see a PGP code block

  11. Re:No Phone by Torp · · Score: 3, Insightful

    I have one, but I don't *trust* Yahoo with it. The moment I won't be able to log in without my phone is when I give up on their services...

    --
    I apologize for the lack of a signature.
  12. Let's tie my comm links inseparably together by gsslay · · Score: 4, Insightful

    Oh no, my phone is dead/stolen! Better email people and tell them not to phone me and I'll be reachable by email.

    Just need to log into my email and ... ... shit...

    1. Re:Let's tie my comm links inseparably together by kaiser423 · · Score: 2

      I would hope that Yahoo is smart enough to do like Google does and have a set of one-time pads that you can refresh at any point. I always have a couple written in my wallet just in case I sit down at an untrusted terminal and my phone is dead.

  13. Re:security by Marginal+Coward · · Score: 3, Informative

    Also, don't lose your phone where evil people might find it.

    Forgive me if I've got the following arithmetic wrong, but if they remove one factor from two-factor authentication, doesn't that make it one-factor authentication?

    I don't see eliminating passwords as an important goal. Instead, the goal should be to increase security. To that end, I've recently begun to use two-factor authentication on all my important accounts. However, I'm finding that each service implements it differently, so it's a bit annoying to have to remember how to deal with each one. Also, I use one service that requires a hardware token which they mail to you, and that makes it more difficult to get the whole thing set up, compared to the more common case where you just give them your phone number and then two-factor authentication begins to work nearly instantly. So, it would be nice if we had some industry standards on all that.

    Since some services make two-factor authentication somewhat difficult to set up, I get the impression that they find the increased support costs for it to not be worth it, at least from the service's point of view. Of course, from the customer point of view, if it prevents a security breach to an important account, it's well worth the extra trouble.

  14. Re:security by ArhcAngel · · Score: 2

    Of course, from the customer point of view, if it prevents a security breach to an important account, it's well worth the extra trouble.

    That's the problem. You can't prove it prevented a security breach so most users just see it as a PITA extra step and definitely NOT worth the extra trouble. My experience has been the harder it is to access something the less people use it. It's so hard to do some simple tasks on my current corporate network that at least half the office brings in their own laptops to get their work done. They just expense a WiFi hotspot and use it in the office.

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  15. Re:security by mlts · · Score: 3, Interesting

    You just hit the nail on the head. As of now, if someone steals my phone in an unlocked state, they will be able to get the second factor... but they won't be able to log into the account due to the password. What having just one factor does is make a phone theft all the more crippling where a bad guy can do a lot of damage.

    2FA is 2FA because it covers at least two of these properties: Something you know, somewhere you are located, something you are, and something you have. For example, a secure biometric system uses the fingerprint/retina scan as a username, then a PIN for access, or a remote access system uses a password and a OTP so that if the password gets sniffed, the OTP is still an obstacle.

    On the other hand, perfect is the enemy of the good. In general, someone is going to be less likely to have their phone stolen than to have their password sniffed or cracked, so moving to a SMS message can be argued to be a security improvement.

  16. Public libraries offer one, not the other by tepples · · Score: 2

    I don't even have a computer or internet access and they wouldn't let me sign up.

    I see the point you're trying to make with your sarcasm, but there's a difference: Public libraries offer Internet access. They do not offer SMS access.

  17. Can it be based on the sender? by tepples · · Score: 2

    Then perhaps the right way to think about it is that the cost/benefit analysis differs depending on the sender. If the sender is Yahoo! or another authentication service, show only the sender. If the sender is anyone else, show the sender and a few words.

  18. Unsupported carrier by tepples · · Score: 2

    Can't you just make a throw-away VOIP (Skype, etc) number for this purpose, then get rid of it?

    You can make it. You can try to use it. But when you do, Yahoo! will probably reject it as "unsupported carrier" the same way it does land lines.