Yahoo's next step in password security could be to eliminate them altogether.
Starting today, the company announced, users of the Yahoo Mail app on both iOS and Android will have access to a new service called Yahoo Account Key, which uses smartphones to verify identities in lieu of traditional passwords.
When users who sign up for Account Key try to access Yahoo Mail, they will no longer need to enter their password. Instead, the Account Key service will send a message to the smartphone connected to the account.
With a tap on yes or no, users can indicate it is a legitimate attempt to get into the account or deny unauthorised access.
If their smartphone is lost or stolen, users can verify identities through an email or a text message sent to alternative accounts and numbers.
Yahoo's, Dylan Casey, vice president of product management, said Account Key was more secure than traditional passwords because it prohibits anyone from signing in to access an account without the verification that Account Key provides.
Satnam Narang, a security manager with Symantec, called the approach "a step above a password" but said it still falls short of the golden standard of two-factor authentication, which requires users to confirm their identify with two different pieces of information.
He also expressed doubts that most users will let passwords die easily and encouraged widespread adoption of password management tools until a new verification method replaces them for good.
"I think passwords are going to be around for a little while, I don't think they're going away as soon as we'd like them to. They're so ingrained in everything we do from banking to email to shopping, you name it," Narang said.