Yahoo! JAPAN to Abolish Password-Only Login by Spring 2027: Mandating Passkeys for All Users

LINE Yahoo, the operator of Yahoo! JAPAN, announced on Tuesday that it will unify login for Yahoo! JAPAN ID under a single passkey system — a biometric-based, passwordless authentication standard — and will completely discontinue password-only login around Spring 2027. The move affects tens of millions of monthly active users and represents one of the most sweeping authentication policy changes by a major Japanese internet platform to date.

The announcement, made on April 14, 2026, is a culmination of a long-running push by Yahoo! JAPAN toward passwordless authentication that began in 2017, when the company first introduced SMS-based sign-in as an alternative to passwords. Since then, the proportion of users logging in without a password has grown dramatically, forming the foundation for today’s more decisive policy shift.

What Is a Passkey?

A passkey is a login method built on the FIDO/WebAuthn industry standard, developed by the FIDO Alliance. Rather than requiring a user to remember and type a secret string of characters, a passkey uses the biometric sensors already built into modern smartphones and computers — such as fingerprint readers or face-recognition cameras — to generate and authenticate a cryptographic key stored on the user’s own device.

Crucially, the biometric data itself never leaves the device. LINE Yahoo confirmed that fingerprint or facial recognition information is processed entirely on-device and is neither transmitted to nor stored by the company. What is exchanged is only a cryptographic signature, making the system resistant to both phishing attacks and large-scale password database breaches.

Why Now?

LINE Yahoo cited a rising tide of cyberattacks targeting authentication credentials — particularly phishing scams and password list attacks, in which stolen credentials from one service are tried systematically against others — as the primary driver for the change. The company stated that the transition to a more secure and convenient login method has become a “critical issue.”

Passkeys are inherently resistant to phishing because the cryptographic key is bound to the specific website for which it was created. A user cannot be tricked into handing over a passkey to a fraudulent lookalike site, since the device verifies the domain before completing authentication. Yahoo! JAPAN’s own data, published via the FIDO Alliance, showed that unauthorized access rates declined as passwordless authentication spread among its user base.

Transition Timeline & What Changes for Users

• April 14, 2026 LINE Yahoo announces the unified passkey transition plan. Users who still rely on password-only login will begin seeing prompts in the Yahoo! JAPAN ID login interface encouraging them to set up a passkey.
• Transitional Period (2026–Spring 2027) Two alternative methods remain available as stepping stones: SMS authentication (a six-digit code sent to a registered mobile number) and a combined method of password plus one-time password (OTP). The company will monitor migration progress and phase users toward passkeys progressively.
• Spring 2027 Password-only login is discontinued. Users who have not yet established an alternative method will be required to switch to passkey, SMS authentication, or the password-plus-OTP method before this date.
• Post–Spring 2027 (Timeline Unspecified) SMS authentication and password-plus-OTP login will continue to be available “for the time being” beyond Spring 2027, with the company signaling a gradual, longer-term consolidation around passkeys alone.

Implications for Users

For the roughly 90% of users already authenticated without a password, the change will largely be seamless. Those still relying on a standalone password — which, according to earlier company data, includes a significant portion of the user base — will need to act before Spring 2027.

Passkeys can be set up through the Yahoo! JAPAN ID settings on both mobile and desktop. Once configured, users authenticate simply by confirming their identity through their device’s biometric system — a face scan or fingerprint — with no codes to remember or type. Modern cloud-synced passkeys, supported by Apple, Google, and Microsoft platforms, also allow a passkey registered on one device to be available across multiple devices signed into the same account, easing concerns about device loss or replacement.

Broader Context

Yahoo! JAPAN’s move is part of a global trend. Major platforms from Apple and Google to Microsoft have been aggressively promoting passkeys since 2022, when the three companies jointly announced cross-platform passkey support. The FIDO Alliance, which stewards the underlying standards, has documented growing adoption across consumer and enterprise services worldwide.

For Japan specifically, where LINE Yahoo operates one of the country’s most widely used internet platforms — spanning search, e-commerce, email, and financial services — the decision carries significant weight. A successful mass transition by Yahoo! JAPAN could accelerate passkey adoption across Japan’s broader digital ecosystem and serve as a model for other large-scale platforms navigating the same challenge.

LINE Yahoo stated it will continue to prioritize both security and convenience as it guides its users through the transition, and will provide detailed instructions to users who need help configuring a passkey on their devices.