What? Yes, Yahoo. That Yahoo. Still in business and everything. Shocking, I know.
Ahem. I was skipping through the Yahoo blog this morning and they are floating an idea that I think has a some serious legs: On-demand one-shot passwords. You set up your account to take advantage of the feature, and instead of using your regular permanent password you can hit a button that will send a single-use disposable password to your verified mobile device.
While the blog post makes it sound like this is a panacea for those people who constantly forget their passwords – I’m looking at you, mom – it is actually a brilliant idea from a security standpoint. We have all heard the horror stories about hotel and airport wireless networks that are compromised with assorted chunks of malware that fish for user credentials when connected users connect back to their personal email or VPN accounts … and if professionally-administered networks can be easily infiltrated, it’s a pretty safe bet that the WiFi at your local coffee shop or library branch is packing some hidden nasties too.
This process is a simple and foolproof way to protect yourself – it doesn’t matter if the bad guys get your password, because it only works once. They can knock themselves out trying it all day long, and get nothing but air for their troubles.
I haven’t been able to try this yet, because the rollout is currently limited to users with a U.S. phone number. If you happen to live in the states and have a few minutes to try this out, follow the link to give it a shot and let me know how you get on. If it works as advertised, this is something I would love to see become widespread across the industry in a hurry. Credential theft is by far the biggest business in the world of cybercrime … being able to protect yourself in one easy step has the potential to be a game-changer.