
Yahoo Introduces Password-Free Login – Just Don’t Lose Your Phone - riaface
http://techcrunch.com/2015/03/16/yahoo-introduces-password-free-login-just-dont-lose-your-phone/
======
halviti
Good old one-factor authentication.

The huge problem with this (and I hate even saying this out loud) is stealing
phone numbers.

If I really wanted to hack your account, I would just port your phone number.
I won't give the details how, but let's just say it's not yet a perfect
system.

The number would get ported elsewhere, your phone company would probably
assign you a new number (or your phone stops working until you call them)..
the attacker would login, do whatever, and then in the next day or two when
you realize your phone has a different phone number.. it would be way too
late.

You'd likely even have a very difficult time getting your account back, since
you no longer have your phone number.

Not only that, but now your entire life is messed up slightly because nobody
knows your phone number.

We haven't seen too much of this yet, but I expect that to change. Thanks
yahoo.

------
kwhitefoot
I don't want Yahoo to know my mobile number. My bank has it because I trust
them and because they use it as one factor in a two factor authentication
sequence.

What about people who use more than one email account, perhaps one that they
need to keep quiet about? Forcing such people into using a mobile for
authentication puts them at greater risk in the real world.

