Yahoo mail password recovery without phone number and email

Passwords are terrible: they're inefficient and they're often insecure, too. Many leading tech companies have embraced two-factor authentication as a more secure option, but they're optional and only those particularly concerned about their digital identities take the time to set it up.

That's why Yahoo is taking a new approach, called "on demand" passwords. Like two-step authentication, you'll be sent a unique time-sensitive code through an app or a text message to your phone when you want to log in. But there's a key step missing: you won't have to type in your primary password first. That's right, with "on demand" passwords, you won't have a permanent password tied to your account that's required every time you log in. Some might even call it "one-step" authentication. When you try to sign in, you'll see a "send my password" button instead of a traditional password text box if you enable the system. The new sign-on method is available now.

"The first step to eliminating passwords."

Yahoo VP Dylan Casey called the feature "the first step to eliminating passwords," according to CNET. While that may be true, there's no denying that "on demand" passwords are inherently less secure than systems that employ two-step authentication, which Yahoo already offers as an optional feature to its users. But if "on demand" can hit the sweet spot between convenience and security, it might just be able to convince people to leave their old passwords behind. Of course, if your phone falls into the wrong hands, your accounts will be easily compromised.

This isn't the first time a company has looked into eliminating the password. The world's largest tech companies are working to find the successor to the dated password — and many are turning to biometric readers like fingerprint or eye scanners for a solution.

Yahoo Mail has never been known for its security standards, but the company is working to turn that around. Alongside "on demand," Yahoo also showed off a working version of its new end-to-end encryption system at South by Southwest today. The system is designed to make it far easier to encrypt emails, and it's built off of a Google-made Chrome extension that's still in the alpha stage. In a video demo (below), Yahoo compared its method to traditional methods, which are not particularly user-friendly.

End-to-end email encryption coming this year

Unfortunately, the system won't be automatically enabled for every email — in an interview with The Washington Post, Yahoo security chief Alex Stamos says he expects users to employ the security measure just for particularly sensitive emails. According to The Wall Street Journal, the system will still leave information like the recipient, subject line, and timestamp unencrypted, but the message contents will only be visible to the sender and receiver. Yahoo expects to have end-to-end encryption online by the end of the year.

Yahoo wants to end your dependency on memorizing passwords — or creating crap ones that can be guessed or hacked — after it introduced a new “on-demand” system that sends a one-time password when you need to log in.

The new approach is designed to increase security and make your Yahoo account less hackable. In some ways it achieves that. Countless millions of people recycle memorable passwords across a number of services, including their email account. Not only are they usually fairly hackable in nature (randomized passwords are preferred), but they’re inherently insecure because, if/when cracked, they open large parts of your digital identity, or your entire online presence.

On-demand passwords, which are not usable after you’ve logged in, are designed to remove that password-chain/ potential domino effect because they are specific to your Yahoo account. But, there’s one fairly major caveat: if you lose your phone, the person in possession of it has a ticket into your email.

In some cases, if you get SMS notifications on your lock-screen, the on-demand password will show up even if your phone is locked. So, if you lose it, the person who picks it up doesn’t even need to know your passcode to get into your Yahoo account once they know your ID.

A better approach might be two-step passwords, whereby after entering your main password, you are then set a temporary password via SMS. That’s the basic if two-factor authentication. Yahoo told CNET that this is “the first step to eliminating passwords,” so we hope expect that there’s more to come on that front.

Yahoo is right to focus on mobile security, it’s an area where the average internet user is chronically unaware of best practices. Even those who are more savvy get caught out. The best approach remains a password manager, such as 1Password or LastPass, and an awareness of the risks.

In related news, the company also showed an early glimpse of its end-to-end email encryption plug-in, which it is working on in conjunction with Google, at South-By-Southwest.

The video below — via The Verge — aims to show how much easier Yahoo’s solution is to convention encryption options. The feature will be optional for users. When activated, it will keep the body of an email encrypted but leave basic details, like the timestamp and subject, unencrypted. Yahoo expects it to be made available before the end of the year.

How can I recover my Yahoo password without phone number or email?

How do you bypass a Yahoo Mail password?

How can I talk to Yahoo customer service?

How do I retrieve my old Yahoo account?