Subscribe

Yahoo steps up mail security

Lauren Kate Rawlins
By Lauren Kate Rawlins, ITWeb digital and innovation contributor.
Johannesburg, 17 Mar 2015
Yahoo focuses on user-security.
Yahoo focuses on user-security.

This week, Yahoo announced two security features it will add to its Yahoo Mail service: end-to-end (E2E) encryption extension and on-demand passwords.

Alex Stamos, Yahoo chief information security officer, said in a statement: "Just a few years ago, E2E encryption was not widely discussed, nor widely understood. Today, our users are much more conscious of the need to stay secure online. There is a wide spectrum of use for E2E encryption, ranging from the straightforward (sharing tax forms with an accountant), to the potentially life-threatening (e-mailing in a country that does not respect freedom of expression)."

Stamos said the company's goal is to provide an intuitive E2E encryption solution for all users by the end of 2016. It has released the source code for feedback.

"We've released the first Yahoo-specific E2E encryption extension source code on GitHub. We encourage other mail providers to build compatible solutions, and for security researchers to take a look and report any potential vulnerabilities they find via our Bug Bounty programme," said Stamos.

ITWeb Security Summit 2015

Don't miss the definitive event for security professionals:
26 to 28 May, Vodacom World, Midrand
Book today!

In a separate statement released on the same day, Chris Stoner, Yahoo director of product management, said Yahoo is introducing on-demand passwords.

These different-each-time passwords will be texted to the user's mobile phone when needed, eliminating the need to memorise a difficult password to sign in to an account. On-demand passwords are not yet available to South African users.

This decision has come under fire by Twitter users who question: "What happens if I lose my phone?"

Share