recommended reading

Yahoo Has Joined the War for Your Online Identity—About Half a Decade Too Late


For nearly half a decade, Yahoo has been giving away its most valuable asset to its rivals. Now it has decided that that must stop.

About 800 million people use one or more of Yahoo’s services every month. Some of those many millions log into Yahoo with their Google or Facebook credentials. This reduces what tech types call “friction,” or the trouble creating a separate username and password to use Yahoo. But that also means Google and Facebook get access to some basic data about what these people are doing on Yahoo’s sites. And in the competitive world of web advertising, where user data is the currency with which consumers pay for free online services, giving away even a little bit of that data to rivals is akin to Coke handing out its formula to every cola manufacturer in town.

Reuters reports this morning that Yahoo is sticking its finger in the dike. Yahoo Sports Tourney Pick’Em, a college basketball-themed service, will be the first for which Google and Facebook credentials will not be accepted. Over time, the changewill be introduced across all of Yahoo’s services, the company said in a statement.

Yahoo’s decision is a bold but necessary one. It signed up with Facebook in 2009 (paywall) in the hope that the deal would boost its user numbers. It had a similar arrangement with Google. (Indeed, Google too once allowed users to sign in with Yahoo, back when it launched its now-shut Wave service.) By pulling back, CEO Marissa Mayer, who was brought in to inject some life into the ailing company, is asserting that Yahoo has bigger ambitions than to be just another web service. Thousands of sites online accept Google, Facebook or Twitter credentials; Yahoo is signaling it wants to stand shoulder-to-shoulder with these giants, not be subservient to them. Its “sign in with Yahoo” service is already used by some sites, such as Hightail, a file-sharing service. Both Google and Yahoo use a standard established by OpenID, an open-source, decentralized organization.

Online identities are a growing area of interest across the industry, as the value of user data becomes clear. As UnboundID, an identity-management company, puts it (pdf, p.1), “In the identity economy, empowered customers will freely offer up identity data to serve their own interests—and the companies they do business with will reap unprecedented rewards.” In report calling personal data a “new asset class” the World Economic Forum and Bain, a consultancy, estimate that just two services—identification and authentication of users, and “offerings to profile and target customers for individualised advertising”—could be worth $52 billion by 2021 (pdf p.4).

Established web services aren’t the only ones anxious to manage your online identity. Independent efforts led by the academic institutions also exist. And the telecoms industry has established identity as one of the pillars of its strategy (pdf) to the end of the decade.

In the short term, Yahoo may lose some users who can’t be bothered with creating another identity. But in the long term, it is now in the right race, even if it’s joining several years late.

(Image via madpixblue/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.