A Microsoft security engineer posts on why the password is dead. It is a stance I firmly agree with, though I have some reservations around the details. The author is coming from the Windows space, but the same principles apply in Unix and other OS flavours.
Passwords have had a long history of being troublesome security measures – people choose bad ones, write them down, never change them and are easily social-engineered out of them. Additionally, enhanced computing power and tools mean it is relatively easy to sniff out passwords or their hashes and brute-force crack them.
The post ventures into some interesting territory around replacing passwords with pass phrases. Though personally I think the future of authentication is probably biometrics, this use of pass phrases could be an interesting interim step or a lesser level of security to be explored for lower-risk assets. In his explanation, the author suggests that instead of using a random string of characters, such as “4fGY36jk