UPDATE: Wired article that contradicts the call to ‘kill the password’. Much more accurate information there.
This article is wrong on so many levels it’s ridiculous. Everything he talks about in his article are problems with poor programming and security practices. Passwords are not the problem, never have been and never will. If you listen to him a 1024bit SSH key is vulnerable.. sure if you don’t take proper steps to secure it. The sky if falling…auuugh!!!!!!
Here’s a particularly lame example:
Let’s say you’re on AOL. All I need to do is go to the website and supply your name plus maybe the city you were born in, info that’s easy to find in the age of Google. With that, AOL gives me a password reset, and I can log in as you.
Blaming passwords on the above is.. well..just wrong… completely wrong. That’s a simple failure on the part of AOL, and YOU. Putting all of your ‘eggs’ in one basket (in this case AOL) and tying that in with your banking..etc.. is just stupid and relying on any third party to secure your information is again.. stupid.