- The world’s first case of applying FIDO2-certified authentication to commercial services for the iOS Safari browser
- Aims to improve convenience and security by promoting authentication methods that do not use passwords
Yahoo Japan Corporation (“Yahoo! JAPAN”) has today completed the implementation of biometric authentication to the Android version of Yahoo! JAPAN service apps. With this, biometric authentication can now be used to log in to Yahoo! JAPAN’s various service apps (iOS/Android), such as the Yahoo! JAPAN app and Yahoo! JAPAN Shopping app, as well as the use through web browsers (Safari/Google Chrome).
Previously, log-ins for web services and apps were generally done using IDs and passwords. However, as the number of web services and apps that users use increases, it is becoming increasingly difficult for users to manage IDs and passwords for all services. In addition, there has been an increase in cyberattacks, such as phishing scams to steal passwords, and password list attacks, where a third party attempts to log in based on a list of IDs and passwords obtained illegally. There is an increasing need to shift to the next generation of authentication methods that do not use IDs and passwords.
Yahoo! JAPAN started the introduction of a passwordless SMS authentication in 2017, and since then has been sequentially implementing passwordless user authentication options to enhance the convenience and security for the users. These options include biometric authentication for the Android web browser introduced in 2018, biometric authentication for some of its iOS apps in 2019, and biometric authentication for the iOS web browser in 2020. As a result, more than half of Yahoo! JAPAN’s active users are now using passwordless authentication (SMS/biometric).
Yahoo! JAPAN app (Android version) and other apps, as well as smartphone web browsers are now supported by biometric authentication, enabling more users to use highly convenient and secure biometric authentication in a wider range of situations.
The biometric authentication specifications implemented by Yahoo! JAPAN is based on the FIDO2 standard developed by the FIDO Alliance, an industry group advocating the standardization of next-generation authentication worldwide. Yahoo! JAPAN is the first company in the world to introduce FIDO2-certified authentication to commercial services using the Safari web browser on iOS*.
■Comment from Mr. Andrew Shikiar, Executive Director, FIDO Alliance
As a key member of the FIDO Alliance, Yahoo! JAPAN has been promoting the standardization of FIDO authentication technologies in Japan and its early introduction into its services. I am very pleased to see the completion of the FIDO2-certified authentication to the iOS web browser, a first in the world for commercial services. I hope that Yahoo! JAPAN will continue to contribute to the development of authentication technology and its penetration among a large number of users.
Going forward, Yahoo! JAPAN will continue to expand the apps supporting biometric login and research better authentication methods in order to improve user convenience and security.
*As a commercial consumer service
<Services and Apps Supporting Biometric Authentication>
- Yahoo! JAPAN app: released in February 2021
- Yahoo! JAPAN Shopping app: released in January 2021
- PayPay Mall app: to be released soon
- YAHUOKU! app: to be released soon
- Web browser (Google Chrome): released in October 2018
- Yahoo! JAPAN app: released in October 2020
- Yahoo! JAPAN Shopping aps: released in May 2019
- PayPay Mall app: released in July 2020
- YAHUOKU! app: released in July 2020
- PayPay Flea Market app: released in July 2020
- Web browser (Safari): released in December 2020
(*Due to implementation reasons only iOS app biometrics is not FIDO2 standard.)
<How to Use Biometric Authentication>
The biometric login option can be enabled from the menu shown at the bottom of each app (“Others” > “Settings”) or from My Page. Please note that updates to supported versions of the app are required prior to use.
If users have passwords from the past, to improve security, Yahoo! JAPAN recommends users to disable them when setting the biometric authentication.
- Passwordless setting (Japanese only)
■FIDO Alliance (external site)
The FIDO ("Fast IDentity Online") Alliance is a global industry association formed in July 2012 and officially launched in February 2013 with a mission to enhance both security and convenience in authentication. It addresses the lack of interoperability among robust authentication technologies and frees users from the problem of creating and remembering multiple usernames and passwords. By standardizing the FIDO authentication, which is open, scalable, interoperable, simple, and robust, FIDO works to reduce the reliance on passwords in user authentication and bring change to the fundamental nature of online services.
Unless otherwise specified, English-language documents are prepared solely for the convenience of non-Japanese speakers. If there is any inconsistency between the English-language documents and the Japanese-language documents, the Japanese-language documents will prevail.