“The inescapable reality is that simple doesn’t work, and we need something much better”
We really need to talk about passwords. The reality is that they are horrible and not fit for purpose.
Let’s just look at the issues. The typical login consists of a user token, which is often a username or email address, and a password. Back in the day, a password could be relatively simple and used on multiple sites, because the whole phishing industry hadn’t arrived. Today, phishing has been refined to the point where even sensible and appropriately cynical users can get caught. We have to handle such a large volume of website logins that it’s impossible to remember a unique password for each site, so it’s no surprise that people reuse passwords.
Which is fine, until either someone works out what your password is, or they extract it from you by getting you to hand it over unwittingly. This could be a spear-phishing attack taking you to a website that pretends to be your favourite shopping site, and from there they grab the credentials. A more sophisticated attack could be to poison your DNS cache such that the website call is redirected to a bad site that they control. Either way, the combination of username and password is easy to compromise.
One solution is to use a password manager. My favoured choice is Bitwarden, having tried most of the alternatives. It’s not bound into a particular web browser or platform, and it’s not Google. Which might sound overly cynical, but I prefer to choose best of breed over convenience. Bitwarden offers