— Yahoo! JAPAN, the first and sole company in Japan to achieve FIDO2 certification in September 2018, leverages FIDO2 to offer easier and more secure log-ins for its services —
Yahoo Japan Corporation (“Yahoo! JAPAN”), the first and sole company in Japan to achieve FIDO2 certification in September 2018, began leveraging FIDO2, the specification for secure log-ins using biometric authentication devices. As a result, Android smartphone users on web browsers can log into Yahoo! JAPAN services using biometrics such as fingerprints from today.
The FIDO2 adoption allows users to use biometrics (e.g., fingerprints) for log-ins instead of conventional authentication methods such as entering passwords or confirmation codes sent via SMS or emails. Yahoo! JAPAN will start its first FIDO implementation on Google Chrome*, a typical web browser for Android. The new authentication method can be used by logging into Yahoo! JAPAN ID and adding users’ Android smartphones to Yahoo! JAPAN’s biometric authentication log-in setting.
*Currently available only for Android (7.0 or above) and Chrome (70 or above).
The FIDO2 authentication method does not register and verify users’ biometrics (such as fingerprints) on Yahoo! JAPAN’s servers for log-ins. Instead, the method registers and verifies such information on users’ devices (such as smartphones) and merely sends verification results to the servers without storing biometric information on the Yahoo! JAPAN side. Furthermore, since biometric authentication can only be used from pre-registered devices, no other devices can be used to log in, even if a third party obtains the users’ biometric information.
Yahoo! JAPAN has taken various measures to prevent password list attacks, typical cyberattacks from malicious third parties attempting to gain unauthorized access, by promoting the use of passwordless log-ins. In April 2017, Yahoo! JAPAN released a log-in function where users, who newly register for Yahoo! JAPAN ID, can log in with verification codes sent to their smartphones via SMS or email. Furthermore, in May 2018, Yahoo! JAPAN released a function that allows users to invalidate their existing passwords and follow the same procedure as mentioned above, using verification codes sent to their smartphones via SMS or email. With the number of monthly logged-in user IDs that use verification codes for log-ins currently reaching approximately 4.5 million*, Yahoo! JAPAN strives to expand its secure, passwordless log-in environment.
*As of September 2018. The number of monthly logged-in user IDs totals 44.33 million as of June 2018.
Yahoo! JAPAN will strive to expand the use of biometric authentication and other secure log-ins to realize a passwordless world.
Yahoo! JAPAN’s biometric authentication log-in setting
*Available only for Android (7.0 or above) and Chrome (70 or above).
Yahoo! JAPAN’s biometric authentication log-in after registration
FYI: Yahoo! JAPAN became the First and Only Company in Japan to Be FIDO Certified with FIDO2, the New Specification for Web Authentication, Making Progress Toward a Secure Passwordless Environment. (September 27, 2018, Japanese only)
Unless otherwise specified, English-language documents are prepared solely for the convenience of non-Japanese speakers. If there is any inconsistency between the English-language documents and the Japanese-language documents, the Japanese-language documents will prevail.