Security News > 2022 > May > Yahoo Japan strives for universal passwordless authentication

Yahoo Japan has revealed that it plans to go passwordless, and that 30 million of its 50 million monthly active users have already stopped using passwords in favor of a combination of FIDO and TXT messages.

A case study penned by staff from Yahoo Japan and Google's developer team, explains that the company started work on passwordless initiatives in 2015 but now plans to go all-in because half of its users employ the same password on six or more sites.

"From a security perspective, eliminating passwords from the user authentication process reduces the damage from list-based attacks, and from a usability perspective, providing an authentication method that does not rely on remembering passwords prevents situations where a user is unable to login because they forgot their password," the case study states.

Users are encouraged to use authenticator apps that work with FIDO and WebAuthn, with one-time codes generated on the device used to access Yahoo Japan.

Users are encouraged to use the same authentication method on all their devices, but Yahoo ! Japan recognizes that's not easy or possible for all, and so will tolerate mixed methods.

Yahoo Japan has also seen a decline in unauthorized access as its number of passwordless accounts rises.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/11/yahoo_japan_goes_passwordless/