Re: Nothing wrong with insecure passwords
This has been known FOR DECADES. The chief problem comes from the wetware requirement. Against a resourceful opponent (and as you note, the requirement keeps falling), there's no way to convulsively distinguish someone from an imposter. Passwords can be copied, looks can be matched, factors can be stolen, even DNA can be cloned. Yet we live in a world where proof of identity is a daily requirement, so we're caught between Scylla and Charybdis: needing a form of authentication that frankly cannot exist. So what do we do?