September 8, 2021

Yahoo! JAPAN turns to FIDO Authentication for Enhanced Login

Yahoo Japan Corporation is an internet company offering more than 100 services, including search engine, auction, news, weather, sport, email and shopping to the more than 51 million active users on its platform.

For Yahoo! JAPAN, the act of signing in is the entry point to all of its services. This makes it critical that the experience at that entry point is a positive one for all users. At the same time, it’s equally critical that every user’s personal information is well protected.

To find the right balance between convenience and security, Yahoo! JAPAN turned to FIDO Authentication.

From Early Member to Early Adopter

Yahoo! JAPAN was one of the earliest members of the FIDO Alliance, joining in April 2014. In its role as a member, executives from Yahoo! JAPAN participated in user authentication specifications development, particularly the FIDO2 standards, and best practices for FIDO adoption for consumers via the Alliance’s Consumer Deployment Working Group. Yahoo! JAPAN was appointed to the FIDO Alliance board of directors in 2019.

During this time of actively contributing to the FIDO Alliance, Yahoo! JAPAN was evaluating FIDO for its own services. Yahoo! JAPAN had been offering SMS one-time passcodes for two-factor authentication but they weren’t quick, secure or easy enough for their users. By taking a standards-based approach with FIDO, specifically the FIDO2 standards, Yahoo! JAPAN learned it could provide strong authentication in a very simple way via on-device biometrics on billions of supported mobile, desktop and laptop devices.

Yahoo! JAPAN’s journey with FIDO deployment began in 2018 when the company became the first in Japan to certify a FIDO2 server, a necessary component to delivering FIDO Authentication to its users. After extensive internal testing and piloting, Yahoo! JAPAN unveiled its first deployment on Android Chrome in October 2018, the first deployment by a relying party. Today, the company now offers FIDO Authentication on Android and iOS both in the browser and for native applications (see figure 1 for the deployment journey). Next up, Yahoo! JAPAN plans to offer FIDO Authentication on desktop and laptop PCs.

Simultaneously with its FIDO deployment, Yahoo! JAPAN began offering its users the opportunity to disable passwords entirely, and register new accounts without having to establish a password.

For Yahoo! JAPAN users that have opted in to FIDO, sign in is very simple
(see figure 2):

  1. The user inputs their user ID and clicks next
  2. Their device prompts them for their biometric, such a fingerprint
  3. The user presents their biometrics and is successful signed in


The FIDO protocols, including FIDO UAF and FIDO2 specifications, use standard public key cryptography techniques instead of shared secrets to provide stronger authentication and protection from phishing and channel attacks. The protocols are also designed from the ground up to protect user privacy.

The protocols do not provide information that can be used by different online services to collaborate and track a user across the services, and biometrics, when used, never leave the user’s device. This is all balanced with a user-friendly and secure user experience through a simple action at login, such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second- factor device or pressing a button.

For its deployment, Yahoo! JAPAN leveraged FIDO2 standards with biometric authenticators.

“Password disablement is the end goal for us for the overall security and usability of our platform, and we see FIDO as a key factor in helping us get there faster,” — Yumi Ashida, product manager at Yahoo! JAPAN

Yahoo! JAPAN also values its membership in the FIDO Alliance for its role in helping to easing deployment and increasing adoption. Membership provides a platform for the company to provide direct feedback to other stakeholders including the operating system platform providers and work directly with them on overcoming challenges they face. And, it allows them to work with other service providers working on deployments to share experiences and best practices.

“For others deploying FIDO Authentication in the consumer environment, it’s important to understand the time and resources that it will require. But considering the meaningful impact that FIDO brings — it’s well worth it,” — Yumi Ashida, product manager at Yahoo! JAPAN

Realizing the Benefits of FIDO

For users of FIDO to access Yahoo! JAPAN’s services, their sign in time has decreased dramatically — by 37% compared to other login methods. ”Because signing in is the entry point to all of our services, quicker and more successful sign ins means our users can access our services that more quickly — this makes a hugely positive impact on our users’ overall experience on our platform,” said Yumi Ashida, product manager at Yahoo! JAPAN.

To increase adoption and get more users to experience these benefits, Yahoo! JAPAN leverages many tactics, including email promotion and pop up notifications at login to invite users to enroll with FIDO. Key to this strategy is conveying the benefits of FIDO Authentication, including faster sign ins, more security and the ability to remove the password from the login flow. At the same time, Yahoo! JAPAN is continuously working to ensure its user experience with FIDO is optimized.

MORE Implementation & Deployment

Webinar: Making FIDO Deployments Accessible to Users with Disabilities

In achieving FIDO Alliance’s mission of more secure and password-free...

December 19, 2022

Webinar: Making FIDO Deployments Accessible to Users with Disabilities

In achieving FIDO Alliance’s mission of more secure and password-free...

FIDO Alliance Provides Guidance on Making FIDO Deployments Accessible to People with Disabilities

By Christina Hulka, executive director and COO of the FIDO...

December 8, 2022

White Paper:  Guidance for Making FIDO Deployments Accessible to Users with Disabilities 

In achieving FIDO Alliance’s mission of more secure and password-free...

October 13, 2022
Download Authn Specs

このフォームを送信することにより、FIDO Alliance, 401 Edgewater Place, Suite 600, Wakefield, MA, 01880, US, からのメールを受信することに同意したことになります。また、各メールの下部にある配信停止リンクを使用することで、いつでもメールの受信に対する同意を取り消すことができます.

Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.