Yahoo Highlight the Truth About Passwords

by Paul Davies, March 19, 2015

When you think about your online presence, you may assume you don’t need a VPN to provide web security. After all, all the most important online services are password protected. Online banking, email, even online shopping accounts all request password authentication before providing access, but by introducing their new ‘one off’ password facility, Yahoo have highlighted what we have been saying for years. In reality, passwords alone offer very little protection at all.

The Vulnerabilities of Passwords

In the past, Yahoo have depended on users creating their own passwords to provide secure access to online data, like most other online services, but in truth, passwords are vulnerable:

The very fact that the user creates them makes them intrinsically easy to hack. Even in today’s society, ‘password’, ‘12345’ and ‘qwerty’ are still amongst the top five most used passwords.

For those who try to be cleverer, the greatest risk is remembering the password. And with the user so likely to forget, service providers must offer ways to remind or renew the password, which of course leads to further susceptibilities.

A recent survey suggested that more than 30% of users are still happy to enter their passwords over public Wi-Fi, thereby providing ample opportunity for online pirates to steal personal information. And as many users use the same password for many different facilities, once a password has been obtained on one system, it is highly likely to be effective across multiple platforms.

Yahoo’s New Solution

For their new solution to the fundamental issues with passwords, Yahoo are offering a facility whereby the password will only ever have to be entered once. The randomly generated password is sent via SMS and you will be asked to enter it directly into your account. Once it has been entered, there will never be a need for a password again.

Using such a facility means the password applied can be much more complex and completely random, so online hackers are much less likely to be able to gain access.

Furthermore, the one-time requirement means the risk of being overlooked while entering the password has also been eradicated. But though this is definitely a step in the right direction, something Yahoo have yet to address is what happens if you actually lose the device.

If there is no lock screen on the device, any thief would have immediate access to personal information, or, if there was a lock, you could be unlucky enough to be sent your one-time password when the device was in the hands of a questionable character.

Most users have their SMS messages set to appear even on a lock screen, which would mean a perpetrator could gain immediate access without even unlocking the device.

This move by Yahoo may not be the final solution, but it has illustrated the need to be careful with passwords and to use a VPN service such as EasyHide-VPN, which can hide IP addresses wherever you are, on all devices. Otherwise you may leave yourself far more exposed than you ever thought possible.