Why Are Passwords Bad

A person who read my earlier post “No Password, No Phishing” suggested me to refer to writings on why passwords are bad.

Actually, I have read such writings dozens of times over two decades. Here is one of the latest – “Passwordlessauthentication: The future is here“ 

I agree that passwords are not secure – they can be lost, stolen and abused. I cannot disagree, either, that physical tokens are not secure – they can be lost, stolen and abused.

What puzzles me is the argument that the password should therefore be killed while the physical token should therefore be promoted. I feel like falling into a Rabbit Hole.

Is it simply due to a logical mistake of mixing up something ‘insufficient’ with something ‘harmful’?

< Key Reference >

 “Removal of Passwords and Its SecurityEffect”

"Aiming to Destroy Democracy?"

* Attempts to compare the vulnerability of a wisely or poorly managed password with that of a poorly or wisely deployed physical token would obviously take us nowhere.

Key References 

Digital Identity for Global Citizens

What We Know for Certain about Authentication Factors

Image-to-Code Conversion by Expanded Password System

Summary and Brief History - Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Additional References

Account Recovery with Expanded Password System

External Body Features Viewed as ‘What We Are’

 History, Current Status and Future Scenarios of Expanded Password System

Negative Security Effect of Biometrics Deployed in Cyberspace

Availability-First Approach

Update: Questions and Answers - Expanded Password System and Related Issues (30/June/2020)

 < Videos on YouTube>

Slide: Outline of Expanded Password System (3minutes 2seconds)

Digital Identity for Global Citizens (10minutes - narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space - "below-one" factor authentication

< Media Articles Published in 2020 >

Digital Identity – Anything Used Correctly Is Useful https://www.valuewalk.com/2020/05/digital-identity-biometrics-use/

‘Easy-to-Remember’ is one thing ‘Hard-to-Forget’ is another https://www.paymentsjournal.com/easy-to-remember-is-one-thing-hard-to-forget-is-another/

Identity Assurance And Teleworking In Pandemic https://www.informationsecuritybuzz.com/articles/identity-assurance-and