Yahoo! Japan announced that it wants to close password login in its services: 30 out of 50 million portal users have already given up their passwords in favor of the FIDO standard and two-factor authentication with SMS.
Dedicated to this topic researchoperated by Yahoo! Japan and Google, the company is said to have started working on passwordless sign-in technologies back in 2015, but now it’s decided to enforce things: More than half of the company’s users use the same password across six or more websites. Denying passwords outright, the document says, makes it harder for attackers to steal them and also saves users from having to remember anything to maintain access to the system.
As an alternative to passwords in Yahoo! Japan offers either one-off versions that are sent via SMS at every login, or tools based on the FIDO standard, which Apple, Google and Microsoft have already chosen for their new initiative. The Japanese company noted that users don’t see any particular problems with using passwordless logins, but at the same time, the real job is to popularize these tools – explaining to people that there’s nothing wrong with them. Therefore, when registering for services with a high risk of fraud, the system prompts to switch to simpler and more secure login tools without a password.
Users are encouraged to use the same sign-in method for each user on all devices, Yahoo! Japan understands that this will be difficult for some, so “mixed” methods will be used in the near future. However, the results of the study show that the number of account hacking incidents decreases as the transition to authorization without passwords decreases.