The Importance of Passwords

There seems to be a drive to eliminate the password from the security spectrum. Passwords are seen as weak and easily compromised, and this is true when passwords are taken on their own. But combined with an additional authentication factor, strong passwords are very important to the overall security of electronic systems. Passwords are the only token that resides within a person's thoughts and are therefore protected by the Fifth Amendment. Police can force your finger onto a device they want to access, and they can hack or brute-force a device in their possession, but they can't get into your grey cells.

I can't understand the need to kill strong passwords when combined with effective 2FA mechanisms such as those implemented by Google and Microsoft. Looking back, would anyone have thought that 40-bit encryption would have been made ineffective because of advances in technology? Would anyone have predicted that SSLv3 would be broken when it originally came out?

I am not able to change my biometric parameters but I can change my password on the fly.

Combining [strong] passwords with another strong means of identification not only makes something more secure, but also provides a third wheel if the other technology is compromised. Forcing people to change passwords is relatively easy, while replacing a 2FA control is not (how easy is it to fix the Spectre and Meltdown vulnerabilities in existing CPUs?).

Besides, people are used to passwords, so keeping them is not a burden.
