Originally Posted By: Faolan
The existence of a password constitutes an insecure one. Brute force methods have been pretty easy for a while now if one has the hashed/secured copy, and continue to grow in power as GPUs and other tech continues to advance. And with flaws like Meltdown and Spectre leaking the clear text password possibly via Javascript, and, yeah...

The world needs to really move on beyond passwords as any form of security. The one work environment that was all X.509 certificate based, even for SSH, was pretty nice. I'm just glad I wasn't the security person setting it up though smile


I agree with what you're saying, but how do you change?

I have my personal bank account, mortgage account, credit card account, plus 6 business accounts that I need to remember creds for, plus of course apple, amazon, ebay and my network login.

It's overload, and how secure is it really?

Is there a USB card/dongle based login solution?