Reply to post:

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Ben Tasker Silver badge

> It's 2017. Passwords are irrelevant. Anything you care about should be protected by a strong 2nd factor.

I disagree.

Yes, anything you care about should be protected by a strong 2nd factor - but it's supposed to be precisely that a second factor. Something you know, and something you have. So the password is still very relevant.

It's your protection against someone swiping that 2nd factor (by taking your U2F dongle of your keys or whatever), just as 2FA is a protection against someone finding out your password. The two complement and help protect each other against different threats.

Hell, you've only got to look at the history of debit/credit cards to see that. When all you needed was the card (something you have) to swipe, nicking/cloning and using a card was easy. They introduced the PIN (something you know) and it became much harder (whilst not perfect). In fact, the criminal focus largely moved onto other weaker areas of the chain instead. Course with pay-by-bonk we're moving away from that again, but meh.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019