Security News > 2022 > May > Yahoo Japan strives for universal passwordless authentication

Yahoo Japan strives for universal passwordless authentication
2022-05-11 08:19

Yahoo Japan has revealed that it plans to go passwordless, and that 30 million of its 50 million monthly active users have already stopped using passwords in favor of a combination of FIDO and TXT messages.

A case study penned by staff from Yahoo Japan and Google's developer team, explains that the company started work on passwordless initiatives in 2015 but now plans to go all-in because half of its users employ the same password on six or more sites.

"From a security perspective, eliminating passwords from the user authentication process reduces the damage from list-based attacks, and from a usability perspective, providing an authentication method that does not rely on remembering passwords prevents situations where a user is unable to login because they forgot their password," the case study states.

Users are encouraged to use authenticator apps that work with FIDO and WebAuthn, with one-time codes generated on the device used to access Yahoo Japan.

Users are encouraged to use the same authentication method on all their devices, but Yahoo ! Japan recognizes that's not easy or possible for all, and so will tolerate mixed methods.

Yahoo Japan has also seen a decline in unauthorized access as its number of passwordless accounts rises.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/11/yahoo_japan_goes_passwordless/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Yahoo 12 2 38 2 10 52