Yahoo is trying something new: telling its users to bypass a password entirely in favor of a smartphone app through which a user grants access when a login is attempted. This seems like, in the words of one Twitter wit, two-factor authentication (2FA) with one factor. Is Yahoo’s Account Key offering a strange decision that will adversely affect the security of those with accounts in its network?
My straightforward answer is: No. Yahoo wants to make it easier for its users to have the benefits of authorized logins while reducing the utility of stolen passwords to bad actors, and it chose a method that’s better than passwords in nearly all circumstances. Strong words, I know! I don’t expect other companies to follow immediately, but Yahoo is trying to stand out.