Exactly, they are the primitives of security systems. If passwords are broken, then every other security system is suspect. If users can't be trusted with passwords because most people are really bad at it, and people are bad at it because they are human, why should I trust MS's human developers to do any better? Why should I trust anyone to do better? Exploitable software has resulted in far more economic damage than bad passwords.
It seems like a massive XY problem where somehow many people have come to the Y "let's get rid of passwords" as the solution, when the X is a mixture of solved problems:
- "people are bad at entropy" (password gens, sensible entropy rules)
- "people are bad at memorizing orthogonal unique strings" (password management schemes and systems)
- "passwords leak" (detect wild passwords and facilitate rotation)
The humble "secure string" allows the implementation gamut from "hunter2" to kilobits of noise, stored in a browser, chip, or post-it. Just prevent the worst incarnations. Passwords are not broken.
> Exactly, they are the primitives of security systems. If passwords are broken, then every other security system is suspect. If users can't be trusted with passwords because most people are really bad at it, and people are bad at it because they are human, why should I trust MS's human developers to do any better?
Passwords that are managed by hand are broken. If you’re already using an automated password manager, then you’re probably fine. Humans can build tools that do stuff better than unassisted humans can do it. Cars are faster than humans, even though humans built them. Dice are better at generating random numbers than unassisted humans, and they’re literally just marked cubes.
Of course, the Windows end-users could build software-based password managers instead of doing it by hand, and some have. But it’s not the default, so many don’t.
> Why should I trust anyone to do better? Exploitable software has resulted in far more economic damage than bad passwords.
You seem to be underestimating the amount of economic damage caused by phishing and password reuse, both of which can be largely chalked up to manual password management. But I am willing to be corrected on this. [citation needed]
Numbers are a bit loose, but even a Fermi-style estimation suggests malware in general is worse than phishing. Phishing is on the order of tens of millions [1] to a few billion [2]. Ransomware alone probably causes upwards of many billions [3]. The Equifax breach (XML exploit) alone has cost billions. Heartbleed, Spectre, Meltdown, those are at least 1B each.
Ransomware isn't necessarily spread by software exploits. A lot of them use nothing fancier than "My File.pdf.exe" attached to an email, like CryptoLocker and its many clones [1]. Sure, WannaCry used an actual software exploit, but most ransomware gangs don't have leaked NSA cyberweapons to work with.
Also, a lot of breaches that are caused by vulnerabilities, like large forums having their databases leaked, are bigger problems than they should be thanks to password reuse.
But I hadn't thought of Equifax. That company's database held so much economic value that, all in one fell swoop, this single exploit may have tipped the scale so that vulnerable software cost more than password reuse.
Indeed. Shit, just this year Microsoft signed a kernel driver containing a rootkit and didn't notice until third parties alerted them three months later. Those are the people you want in control of all your online accounts?
But if you're worried about Microsoft, you shouldn't want a shared secret such as a password. The whole problem with shared secrets is that the other party might lose it.
For WebAuthn, even if Microsoft literally makes a web site "Get tialaramex's authentication credentials here" solely to reveal the credentials they have for me, it doesn't help bad guys at all. Completely useless. The credentials only help Microsoft, and only to verify me.
That's the "scary" passwordless future, authentication that actually works and can't be weaponised against you, terrifying...
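The point about a leaked server-side record, shown as an added example that is not part of the thread (Go standard library only; the HMAC challenge-response and the two record types are a simplification for illustration, not the WebAuthn wire protocol):

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// SharedSecretRecord is what a server stores under a password-style scheme: the secret itself.
type SharedSecretRecord struct{ Secret []byte }
// PublicKeyRecord is what a server stores under a WebAuthn-style scheme: only the public key.
type PublicKeyRecord struct{ Pub ed25519.PublicKey }

// NewChallenge returns a fresh random nonce the server sends for each login attempt.
func NewChallenge() []byte { c := make([]byte, 32); rand.Read(c); return c }

// RegisterPublicKey keeps the private key with the authenticator; the server sees only pub.
func RegisterPublicKey() (PublicKeyRecord, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return PublicKeyRecord{Pub: pub}, priv
}

// Shared-secret login: both sides compute HMAC(secret, challenge), so the stored record is all a client needs.
func SharedSecretProve(secret, challenge []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(challenge)
	return m.Sum(nil)
}

func (r SharedSecretRecord) Verify(c, proof []byte) bool { return hmac.Equal(SharedSecretProve(r.Secret, c), proof) }

// Public-key login: only the private key can sign; the stored record can only verify.
func PublicKeyProve(priv ed25519.PrivateKey, challenge []byte) []byte { return ed25519.Sign(priv, challenge) }

func (r PublicKeyRecord) Verify(c, proof []byte) bool { return ed25519.Verify(r.Pub, c, proof) }

// Both functions below model an attacker holding a copy of the server's stored record and nothing else.
func LeakedSharedSecretImpersonates(r SharedSecretRecord, c []byte) bool { return r.Verify(c, SharedSecretProve(r.Secret, c)) }

func LeakedPublicKeyImpersonates(r PublicKeyRecord, c []byte) bool {
	forged := make([]byte, ed25519.SignatureSize) // no private key: guessing is all that is left
	rand.Read(forged)
	return r.Verify(c, forged)
}
```

The leaked shared-secret record answers any challenge; the leaked public-key record answers none, and a signature captured for one challenge does not verify for the next.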