Passwords as a defensive measure are complete rubbish. There’s no two ways about that. The fact that high-value services such as online banking, corporate email and data storage use simple passwords as the only real security mechanism is a sad commentary on the state of defensive technologies. But, as the continued parade of password leaks of late proves on a daily basis, users who believe these companies are protecting their passwords are sadly mistaken.
The companies that provide these online services, such as email, cloud storage, online banking and others, would really rather not store your passwords, truth be told. As we’ve seen, it’s just one more piece of data that they need to protect and can potentially lose. The business models at banks, retailers and social networks do not include acting as secure storage facilities user passwords. If there was some way for these services to exist without having to deal with user passwords, they would have found it.
But no one has yet, and there doesn’t seem to be a good solution to the problem on the horizon. Passwords were a terrible idea at the beginning, they’re still terrible now and they’ll continue to be terrible in the future.
Read more on ThreatPost