Yahoo on-demand password

Options

Comments

  • RichardPayne
    RichardPayne
    Community Member
    Options

    I think the article covers it well enough. This isn't a 2FA replacement. It has the plus of lower risk server side but I higher risk of compromise client side.

    I won't be using it.

  • prime
    prime
    Community Member
    Options

    From the looks you just log in with your email address and a password will be sent to your phone. So it would get really annoying having some jerk just type your email address and you get a text all the time.

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @prime: Indeed. I don't know about you, but I get enough spam. :p

    @RichardPayne: Even more troubling, someone getting your phone would allow them to get into your account without having to also have your password.

    I like that they are at least trying, though. I guess. >_<

  • svondutch
    svondutch
    1Password Alumni
    Options

    @brenty Besides the risk of someone getting your phone, there is also the risk of...

    1. someone forwarding your calls, and then
    2. have an accessibility feature read your texts out loud over the phone
  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    Wow.

  • RichardPayne
    RichardPayne
    Community Member
    Options

    I think @svondutch's post points out most is the need to prioiritise security over convenience on your email account. That account controls access to all of your other accounts and it's security is paramount.

    Oh, and use authenticator apps, not texts. :)

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2015
    Options

    @RichardPayne: Well, if your phone falls into the 'wrong hands' (literally, ha!) then both the authenticator app and the SMS app will be compromised. It highlights the importance of using the phone (whether through text or app) as a factor in addition to your password, rather than as a replacement for it. We certainly live in interesting times. ;)

  • prime
    prime
    Community Member
    Options

    @brenty
    If your phone falls into the wrong hands, this is why (I think) it's very important to have a passcode on your phone. Sadly, I know a lot of people who don't, because "they never leave their phone unattended". They are called accidents for a reason.

    You're right, very interesting times we live in, I remember when I only had 3 passwords for years and thought it was safe and a good idea.

  • Megan
    Megan
    1Password Alumni
    Options

    Hi @prime,

    Yes, a passcode on your phone is DEFINITELY a good idea. We store so much valuable information on those little portable easily-misplaceable devices, it only makes sense to keep it protected. :)

  • prime
    prime
    Community Member
    Options

    @Megan
    I am shocked how many people don't have a password for their cell phone. They think "I alway have it" or "its a pain". I think it's more of a pain calling having an "oops".

    I also don't use a 4 PIN passcode either now, since Touch ID, no reason not to have a stronger password for your phone.

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @prime: My wife says, "But my password is too long and I keep forgetting it!

    Exactly. There's an app for that! :p

    Touch ID is amazing. Unfortunately 1Password hasn't gotten Lock Screen Status (yet)™. :pirate:

This discussion has been closed.