Yes we’re baaaack! On the ridiculousness of wanting to ‘actively’ do away with passwords. As per:
Passwords should be killed, according to Koen of @ncsc_nl at @OneConferenceNL #nlcyber pic.twitter.com/UKrCGSRLrX
— Jeroen van der Ham (@1sand0s) October 1, 2019
which of course is big-time nonsense.
For one: this.
For two: At some point in time, it turned out cars were unsafe. In a time before seatbelts, a great many were either thrown through a front window, or impaled on the steering column [‘what a way to die’ depends on the stylishness of the vehicle driven]. The societal solution was not to do away with cars, when the alternatives were there before and during the very existence of cars, but to implement safety widgets that made having an accident less all-or-nothing. Where the infra was culpable, it was adapted – and used for additional user protection, e.g., through guiding rails.
For thirds, we switch adjective inflection [dunno if that is the correct expression but it sounds impressive, similar to ‘We Must Do Away With Passwords!’], and consider whether users’ abuse of passwords is the main problem, or whether it is the massive data leaks, which have little to do with the user mass messing up massively but mainly with the infrastructure [which includes the sysadmins that have been reduced to turning a few screws along the conveyor belt] ..?
The first, not. Users have broken rules, yes, as the rules didn’t work for them but against them – as far as they could notice; by making it ever harder to just do their job [contributing to the company that gets a margin out of the work that is bigger than the salary, otherwise the employees wouldn’t be there].
The second then ..? Ah, yes, mostly. So, the infra is too little controlled and to get a better grip you want to do away with a tiny element in that, the very one that works almost always, like asymptotically-to-infinite counts every day ..?
OK. The world is a much better place much quicker by doing away with cars, then, because the death rate [let alone the injured / ‘handicapped for life’ rate] is much higher from that, so all cars-and-drivers are categorically to blame.
OR you admit that categorical statements mostly are wrong. And try to fix what is broken, but not what isn’t. And first, get the alternatives spread around sufficiently so no anti-tippingpoint/networkeffect dynamics undo your idea. And see why passwords are abused by everyday authorised users, and fix the problems there; ‘provisioning’ remember ..? And … and …
[People may drown here, so do away with the sea! Villers-sur-Mer]