It's 2016 and idiots still use '123456' as their password


Re: Nothing wrong with insecure passwords

I think, reading the tea leaves in this article, the real issue is that passwords (by themselves, at least) are just about obsolete as an effective security measure.

First, the people using the passwords have to actually understand and care about the importance of protecting the information behind a password-protected wall.

Next, they have to do this for more and more locations (work network, websites, mobile apps, etc.).

As the strength of crackers increases, complexity rises, but the ability to retain the highly complex passwords, across dozens of locations, falters.

So we turn to password safes, but then you're borked if you don't happen to have the device with the safe app on it (and truly F*CKED if you lose it after forgetting to make a backup).

OH! But the cloud! Now you can access your safe from any device! But then, so can everyone else. And by cracking one password (that can't be so complex as to be unrememberable[sic?]), they can now access all your passwords.

Even with all this, since cracking power increases at least geometrically (and quite possibly exponentially) while our ability to remember passwords increases incrementally at best (and then decreases with age), we're fast approaching the time when all reasonable complexity will make no difference to anyone willing to put in the least of efforts.

It's time for a new way to secure things.

