What is a Yahoo Account Key? Can It Secure Your Account?
In 2016, Yahoo announced that it had suffered a series of data breaches during which hackers stole in excess of 3 billion user records, and it subsequently received more than its fair share of flak for this. Some of the criticism was indeed well-deserved. The incidents had remained undiscovered for years, and the notifications apparently left some users wondering what had actually happened. Because of the data breaches, however, many people assumed that Yahoo doesn't care about the security and privacy of its users at all, and that's not quite true.
What was once the world's most popular search engine has taken multiple steps to ensure that the people using its services are better protected. The introduction of the Yahoo Account Key was just one of them.
How does the Yahoo Account Key work?
In essence, Yahoo's Account Key is a passwordless authentication mechanism. As with virtually all online services, by default, logging into your Yahoo account means opening a browser, visiting a website, and then entering a username and a password. It's the most basic authentication method out there, and as many of you know to your own cost, it has many disadvantages.
In 2015, Yahoo introduced the Account Key in order to give users a method of authentication that doesn't involve the inherently insecure password. Although it's been around for more than four years, some people apparently still don't know what it is and how it works.
To use the feature, you need to have a smartphone or a tablet with the Yahoo Mail app installed, and you need to be signed into your Yahoo account on it. To activate your Yahoo Account Key from a browser, you have to:
- Go to the Account security section of your profile settings
- Click See how it works under Yahoo Account Key
- Click Send me a notification and confirm that you want to send a notification to your phone
- A sample push notification will appear on your phone. Tap Yes to see how the feature works in action, and if you like it, click Always use Yahoo Account Key in your browser window
Setting up Yahoo's Account Key on your phone is, if anything, even more straightforward:
- Open the Yahoo Mail app and click on your profile avatar in the top-left corner
- Click Account Key under your email address and click Set up Account Key
- The sample push notification will appear to show you how the feature works. Click Yes and then Got it to proceed
- Make sure that the secondary email associated with your Yahoo account is valid and click Enable Yahoo Account Key to activate the feature
When your Account Key is activated, you will still need to enter your email address in order to sign in to your account. Instead of typing in your password as well, however, you'll just tap Yes on the push notification that appears on your phone. In terms of convenience, it sounds like a step in the right direction. But how can it affect your security?
The advantages and disadvantages of Yahoo's Account Key
There's a very good reason why online service providers like Yahoo want to move away from the password as a means of authentication. People just can't be bothered with creating strong, unique passwords, and many users protect their accounts with easy-to-guess and reused login credentials.
For them, Yahoo's Account Key can be beneficial. In addition to eradicating the need to memorize a password, the system relies on the physical presence of a device (and the ability to unlock it), which is certainly more secure than the use of "Password123!" as the only obstacle in front of hackers. That physical presence can also cause problems, though. If your smartphone gets damaged or lost, you'll need to unlock your Yahoo account through the secondary email address you've associated with it. Before you activate Yahoo's Account Key, you must make sure that you have access to the secondary address, which should itself be well protected.
It's also crucial to make the distinction between a passwordless mechanism like the Yahoo Account Key and two-factor authentication. The idea behind the Account Key is to replace your password with a notification that appears on your personal device, and in that sense, it doesn't add an extra step that attackers need to go through in order to compromise your account.
If you'd like to use your Yahoo Account Key, you should make hackers' lives harder by ensuring that your phone is as good as impossible to unlock. The alternative is a strong password for your Yahoo account and two-factor authentication, which should give you similar levels of protection.