Yandex now lets you log in without a login (or a password)

Yandex, the Russian Internet’s leading search engine, launched its own two-factor authentication service today, which allows users to protect their accounts using a mobile app called Yandex.Klyuch (Yandex.Key).

Yandex’s press office told Meduza the new app allows people to link their mobile devices to their accounts. Access to the app is protected by a PIN or, if your device supports Touch-ID, a fingerprint.

After syncing, it’s no longer necessary for users to enter their password again in a Web browser to access Yandex services. To log in, all they need to do is scan a QR code that appears on-screen, using Yandex.Klyuch. Once this step is completed successfully, Yandex grants account access automatically.

“Usually, two-factor authentication requires users enter their accounts with their login and password, followed by some form of identity verification (usually an SMS message),” a Yandex spokesperson explained. “Our system is even simpler. All you have to do is activate two-factor authentication in your settings and install the mobile app. In Yandex’s settings on your Web browser, you’ll then find a QR code, which you scan. Whenever users need to log in to their accounts, all they have to do is scan a QR code using the app, and they’re in.”

If scanning the QR code doesn’t work (for instance, when a mobile device’s camera malfunctions or if Internet access fails), Yandex.Klyuch creates a one-time password that expires after 30 seconds, making it difficult for hackers to intercept the data in such a narrow time window. 

In 2011, Google was one of the first Internet companies to introduce a two-step authentication process. The Google Authenticator app can generate a QR or digital code that expires after 30 seconds. The code needs to be entered in addition to a user’s login and password. Authenticator also works with services other than Google’s and can be used for two-factor authentication with websites like Facebook and VKontakte.