Yahoo, the provider of one of the world's leading free email services, has launched a new time-sensitive password service that is a step above two-factor authentication.
The On-Demand password service, launched by Yahoo at South by Southwest (SXSW) on Sunday 15 March, means that Yahoo mail users will no longer have a password permanently tied to their account.
Instead, every time they want to sign into their account, they will need to press a button that says "send my password" in the web browser.
A temporary, time-sensitive code is then immediately sent by text message to the user's mobile phone, enabling them to log in to their email. If they wait too long to log in, they will have to request a new code.
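How a service might issue and check such a time-limited, single-use code, as an added example that is not Yahoo's implementation. The class name, the five-minute lifetime, the eight-digit length and the attempt cap are assumptions, since the article specifies none of them, and SMS delivery is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: the article gives no lifetime
MAX_ATTEMPTS = 5        # assumption: cap on guesses per issued code


class OnDemandCodes:
    """In-memory store of pending one-time login codes (hypothetical design)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, code):
        # Avoids keeping the code in plaintext; a short code is still guessable,
        # so the lifetime and the attempt cap are the real protections.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, account):
        """Create a fresh code, replacing any earlier one; return it for delivery."""
        code = f"{secrets.randbelow(10**8):08d}"  # CSPRNG, zero-padded to 8 digits
        salt = secrets.token_bytes(16)
        self._pending[account] = [salt, self._digest(salt, code),
                                  self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, account, submitted):
        """Return True once for the right code inside its lifetime, else False."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[account]  # expired or locked: a new code is needed
            return False
        entry[3] = attempts_left - 1    # count this guess before comparing
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[account]  # single use: the code cannot be replayed
            return True
        return False
```

Because the code is the only credential in this flow, anyone who can read the phone's text messages can sign in, which is why expiry, single use and the guess limit all matter.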
The new service is now live, but at present it is only available to users based in the US; users in other countries will not get it for a while, even if they have a Yahoo.com account.
At the moment, Yahoo mail users can activate two-step authentication on their accounts, whereby the user first types in their usual permanent password and then receives a unique code on their mobile phone that they have to enter in order to complete the login process.
Users can also choose to set up app passwords so that they can access their email more securely on iOS and Android devices.
Yahoo demos end-to-end PGP encryption plugin
Yahoo also demonstrated a working version of the new PGP end-to-end encryption service it has been working on, which is expected to be up and running by the end of this year.
The demo shows a user activating PGP encryption in less than a minute after installing Yahoo's plugin and then sending an email to another user.
The recipient's email address, subject line and time stamp are left visible, but the message contents are encrypted and can only be viewed by the sender and the receiver.
The encryption technology is built on the PGP plugin developed by Google for its Chrome browser and will make it much easier for users to encrypt their emails than GPGTools, open-source software used to encrypt email in OS X Mail on Mac computers.
While the service will be useful both to private individuals and to people who require a degree of security in their communications, such as journalists, Yahoo doesn't want users to encrypt every single email they write once the PGP encryption service is launched.
Yahoo's information security chief Alex Stamos told the Washington Post that the technology would be used by users when sending particularly sensitive emails, such as when sending financial documents to your accountant.
Also, if the other party does not activate PGP encryption, then all emails sent to the Yahoo mail user from that party would not be encrypted.
Since companies like Yahoo scan the contents of users' messages in order to serve up targeted advertising while the user is logged into their email in the web browser, not encrypting every single email would be better for email providers.
For now, the next step for Yahoo will be to release the code behind its PGP plugin for the public to review, before launching the encryption service at the end of 2015.