Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
IT Technology

Passwords Aren't Just a Problem For Adults (cnet.com) 76

Though you might assume children are the most tech-savvy generation out there, it turns out there's an area where they're just as behind as adults: passwords. From a report: National Institute of Standards and Technology released research on Wednesday showing that even though kids are taught best practices for creating passwords, they're not following them. NIST surveyed more than 1,500 children, ages 8 to 18, and found that, for example, 87% of high schoolers use the same password for everything. Depending on age group (45% of high schoolers versus 23% of elementary school kids), many share passwords with friends. Researchers suggested that those surveyed don't see password sharing as risky behavior, but rather a matter of building friendships and trust. "The end goal of this research is to better support children and provide recommendations that can be used to provide guidance to them, parents and educators," NIST researcher Yee-Yin Choong said in a statement.
This discussion has been archived. No new comments can be posted.

Passwords Aren't Just a Problem For Adults

Comments Filter:
  • Context (Score:4, Insightful)

    by darkain ( 749283 ) on Wednesday August 11, 2021 @02:28PM (#61681279) Homepage

    What is the context of "sharing passwords"? Is that sharing your personal account for school used to submit homework, or is it just sharing your Netflix password? It sounds like a generic question where either context could apply, one being significantly more dangerous than the other.

    • Re:Context (Score:5, Insightful)

      by bws111 ( 1216812 ) on Wednesday August 11, 2021 @02:45PM (#61681383)

      Well if 87% of them are using the same password for everything, it doesn't really matter, does it?

    • " Is that sharing your personal account for school used to submit homework, or is it just sharing your Netflix password?"

      There isn't a difference. As the article says, "87% of high schoolers use the same password for everything."

    • As a former "IT guy" for a high school. They would share their credentials and login to each others chromebooks to throw off the people who are monitoring them to make sure they're not viewing inappropriate material (porn) or watching hd movies and tv shows using the schools bandwidth. Even though we had filtering in place they found ways around it. There's a shared google folder floating around with (in 2018) about 800 porn videos. Then the same thing for tv shows and movies.
    • by fermion ( 181285 )
      The context is that kids donâ(TM)t always see beyond what is immediately going to get them candy or sex or what shiny object attracts their attention. If there is not immediate consequences, they will do what is expedient to get what they want. So kids use the same password, share, do whatever.

      Furthermore, even the best student is going to have a bad, become rebellious or reluctant if they are not succeeding as expected, or otherwise become a control issue. In the old days this was breaking a pencil

  • Ya, no. (Score:5, Insightful)

    by fahrbot-bot ( 874524 ) on Wednesday August 11, 2021 @02:30PM (#61681303)

    Though you might assume children are the most tech-savvy generation out there, ...

    I don't assume that -- at all. Proficiency with *using* things like Instagram, TikTok and/or texting doesn't make one "tech-savvy" ...

    • Yeah, people think that because a child/teen is fearless (they don't no any better, so why be afraid) means they literally aren't afraid to try stuff and see what works. This means they break shit as well and if they are actually nerdy, it stays broken.

      Since most people will never be tech-savy, regardless of the ability to use specific programs, I would definitely have to agree that kids are no better off with tech then adults, they just don't know better.

      • Yeah, people think that because a child/teen is fearless (they don't no any better, so why be afraid) means they literally aren't afraid to try stuff and see what works. This means they break shit as well and if they are actually nerdy, it stays broken.

        And... they tend to experiment with and/or break things they didn't pay for themselves, probably their parents did.

  • 1. Use pass phrases, not some random characters that make it looks like you are swearing.
    2. Use a password manager.

    This way you memorize ONE pass phrase to get into your pass phrase, and literally copy/paste usernames and passwords when needed.

    This isn't fucking rocket science.

    • by mark-t ( 151149 )
      And if that one entry point for your password manager should ever get compromised, you are effed. Effectively, it is the same as having the same password everywhere, only the vector to actually compromise it is different.
      • > And if that one entry point for your password manager should ever get compromised, you are effed.

        It is stored encrypted, right?

        And you are NOT storing it in the cloud, right?

        You have backups, right?

        • by mark-t ( 151149 )

          As I said, the vector to compromise it is different. That doesn't mean it isn't there. Your best bet is to invent a mnemonic that you can use to generate a different pass phrase for each individual place that a password is needed,

          Ultimately having a single passphrase that unlocks your password manager makes you similarly vulnerable as having the same password everywhere.

          • > Ultimately having a single passphrase that unlocks your password manager makes you similarly vulnerable as having the same password everywhere.

            No it doesn't. You generate random passwords.

            That way you have both:

            * convenience to access your passwords
            * security with strong passwords

            • by mark-t ( 151149 )

              The problem, as I said, is that you are still using a single password to access your other passwords.

              That means there is a *SINGLE* compromise vector to get at all of your passwords, and if a compromise should occur, the effect is exactly the same as if you had been using the same password everywhere

              Whether you have this single password stored in any kind of encrypted format or not is entirely irrelevant. The fact that a single password on a password manager might theoretically be harder to compromis

              • by Bengie ( 1121981 )
                Password managers work because people are incapable of doing what you suggest. Why not just expect everyone to memorize a unique 20char random password for every site? You ask for the impossible. For every person you can find an example of your convoluted scheme, there are 100 million other people who would never do that.
    • by ljw1004 ( 764174 ) on Wednesday August 11, 2021 @02:59PM (#61681473)

      Simple solution. 1. Use pass phrases, not some random characters that make it looks like you are swearing. 2. Use a password manager.

      That's not simple at all. Let me walk you through:
      1. Install an app and open it. It asks to sign up with a username and password.
      2. Click to open your home screen, click to open LastPass
      3. Click Security
      4. Click GeneratePassword
      5. Click the Copy button
      6. Swipe up to switch back to the app.
      7. Click in the password field and click Paste, and you're into the app
      8. Swipe up to switch back to LastPass
      9. Click Add > Password > AddNewPassword
      10. Type in a name, folder. Leave URL blank because what even is it?
      11. Click on Password and click paste. (and hope that you didn't lose your clipboard between step 5 and 11 else you're screwed)
      12. Click Save
      13. Swipe back up to switch to the app

      Now, EVERY SINGLE TIME you want to use the app and it asks for a password,
      14. Go to your homescreen and launch LastPass. Do the facial recognition.
      15. type the name of the app into the search screen and hope you remembered it.
      16. Click the copy button
      17. Swipe up to go back to the app, click in the password field, and click Paste.

      If LastPass manages to associate the password with the app, then steps 14..17 are much easier -- you can just click the "use lastpass" button when you're filling out the form. But I've never managed to learn how that association is made. I'm assuming it's between the URL and the publisher-domain-metadata of the app?

      Compare this to the actual simple solution:
      1. When signing up, click in the password field and type the same password you use for everything, from muscle memory
      2. When logging in, click in the password field and type the same password you use for everything, from muscle memory

      You might object that it's so difficult because I, like most people, interact with the internet primarily through phone and apps rather than desktop. Sure, but that's not going to change, and it's not simple to change.

      Don't get me wrong. I fully understand that a password manager is best practice, and I use one for everything. But you don't get to claim that it's "simpler". It's actually vastly more complicated.

      I'm sure that if I used Apple's keychain then there'd be a slicker UX. But I'm not prepared to bind myself to the Apple ecosystem.

      • Simple solution. 1. Use pass phrases, not some random characters that make it looks like you are swearing. 2. Use a password manager.

        That's not simple at all. Let me walk you through:

        I dearly hope that you are trying to Poe us.

      • Does LastPass not auto-fill passwords in apps?

        I have been using Roboform for many years and it can auto-fill passwords in apps on Android and Windows (not sure about iOS).

        I don't seem to have the problems that you describe.

        • by ljw1004 ( 764174 )

          Does LastPass not auto-fill passwords in apps? I have been using Roboform for many years and it can auto-fill passwords in apps on Android and Windows (not sure about iOS).

          Like I said, "If LastPass manages to associate the password with the app, then steps 14..17 are much easier -- you can just click the "use lastpass" button when you're filling out the form. But I've never managed to learn how that association is made. I'm assuming it's between the URL and the publisher-domain-metadata of the app?"

      • > It's actually vastly more complicated.

        Not nearly as complicated as trying to recover your accounts WHEN you get hacked because you were dumb enough to use the same stupid password on ALL your sites.

        What's that Benjamin Franklin quote?

        "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

        Let's update it for 2000:

        "Those who would give up Security, to have a little temporary Convenience, deserve neither Security nor Convenience."

      • Its not that complicated at all (at least for bitwarden). and on Android (who knows with Apple). 1) Bitwarden option will appear either on the keyboard, or near the password/username field on the page. 2) Click on Bitwarden button and enter biometrics or master password 3) App knows what site/app your using and will select it for you 4) You are now logged in "Don't get me wrong. I fully understand that a password manager is best practice, and I use one for everything. But you don't get to claim that it's
      • by idji ( 984038 )
        My password manager, Keepassium, is directly integrated into the iPhone's password handler API. That's much better than what you describe for LastPass - I don't have that many steps.
    • George thought it secure, but Kramer was close to guessing it?

  • While a lot of people who read too much Science Fiction often get scared when they hear about bio-metrics, and then they point to stories where someone spending money and time in order to find a way to cheat the systems. In short biometrics are still superior to passwords, because you can hack a password without a targeted attack, while if you want to cheat someone bio-metrics, it will often mean you will have to know who you are trying to attack.

    Alternatively Multi-factor authentication is good too, as i

    • If I have 2FA then why do I need a password at all? Enter user name, click logon, MFA system generates a one user code to log me in. Now Im in my system with no password. Today it usually goes enter user name, enter password, click login, prove your human by solving this puzzle, now do 2FA to prove its really you, then you get emails and text messages saying a login occurred. Irritating!

      • "If I have 2FA then why do I need a password at all? Enter user name, click logon, MFA system generates a one user code to log me in. Now Im in my system with no password."

        Well, for one thing, that's not "2FA". You don't have two factors. It's still single-factor authentication, you're just using a different factor. The whole point behind 2FA is an attacker has to replicate two ways to authenticate, greatly increasing the difficulty of his task.

      • Well technically its not 2FA if you don't use 2 methods of authentication. But I agree in principal with what you are saying, its just a hassle, also usually all the factors are on your phone, so if you someone has access to your phone they can check your email, read your text as well so I don't quite get it. Also if you loose your phone/computer how do you access anything, if everything has 2FA.

      • prove your human

        Prove my human? Which of my many humans should I prove?

    • by Talchas ( 954795 )
      I mean, biometrics are passwords where you mostly don't have to remember anything, but also can't change it. Unless you allow remote attestation and super secret hardware, in which case that's already sufficient reason to say no. On top of that the entropy for a lot of current implementations of it is pretty bad, though that's probably not fundamental.
    • by XXongo ( 3986865 )

      ...In short biometrics are still superior to passwords, because you can hack a password without a targeted attack, while if you want to cheat someone bio-metrics, it will often mean you will have to know who you are trying to attack.

      Biometrics are vastly worse than passwords. Because if your password is compromised, you can change it. If your fingerprints are forged, you can't delete your fingers and get new ones.

      • by sconeu ( 64226 )

        In addition, you can be compelled by the government to provide biometric access to a device, but you cannot be compelled to reveal a password (Fifth Amendment).

        Unfortunately, that may be changing. There was a recent case where the court ruled a password could be compelled.

      • by Bengie ( 1121981 )
        I think it's NIST, or one of those, that requires all forms of authentication to be mutable and revocable. This makes biometrics and invalid form of authentication.
    • I my opinion bio-metrics are much worse than passwords, well for anything that needs to validate remotely. The main reason is you CANNOT change them, you would be effectively forced to share your password for everything.

      There is 2 ways I can think this can work:
      1. server checks the full bio metric, well then when you log on to the server you have to send that bio-metric, they now have it and can send it to log into any other account you have, yes bio-metrics can check for minor changes but that could be sim

    • While a lot of people who read too much Science Fiction often get scared when they hear about bio-metrics, and then they point to stories where someone spending money and time in order to find a way to cheat the systems. In short biometrics are still superior to passwords,

      Easy for you to say. I don't have any thumbs now that hackers wanted to get into my Facebook.

  • passwords are a problem, and so are auth tickets that make it as if I typed in password. We need something better.

  • The proliferation of password-based logins in our lives is extreme, and will be even worse for kids. There are literally hundreds of websites and systems that I use that utilize passwords (many must be changed on a regular basis). No human alive could remember a unique and secure password for each. And I've only been accumulating login accounts for the last 20 years.

    A partial solution is a password manager, but that isn't perfect. You are either tied to a service (you are screwed if it shuts down or is com

    • by Junta ( 36770 )

      In my case, my password database is on dropbox and onedrive and synced to a few devices. I still have that master password, but I'm unlikely to forget that and my family can access it in case.

      But still the problem of entering the password can sometimes be obnoxious, in a scenario where copy/paste isn't really available due to various reasons (e.g. a streaming service that forces you to log in using a crappy remote interface).

  • Better headline: "Researchers shocked to discover kids are people too"

  • And you can't teach experience. But you could require them setting a password to access their lunch each day and let them learn with experience. Sure some will not eat lunch for a few days... but they have an incentive to gain wisdom in using passwords.
  • by jonadab ( 583620 ) on Wednesday August 11, 2021 @02:42PM (#61681363) Homepage Journal
    > 87% of high schoolers use the same password for everything

    Yeah, I'm a network administrator; I have 50+ passwords in my head, and a reasonable percentage of them are 30+ characters long, but I use one rather weak password for 90% of the things I use a password for, i.e., everything that fundamentally doesn't matter.

    Every website you ever look at these days, makes you create an account. Most of these, you're never going to use again, and you're also never going to give them any information that you really need to protect. There is NO POINT in using secure passwords for that stuff. "Oh, noes, if the bad guys get into my account on this site, they could, umm, edit that comment I left that one time." I think I'll live through that.

    So the question is, how many teenagers have any accounts that *are* worth protecting with a unique and secure password? They don't have bank accounts. They don't have work accounts. They don't have medical accounts, or insurance, or any of that. They don't *care* about their school accounts. What super-important thing are they inadequately protecting? Random idle chit-chat?
    • Agreed. Advice to "use a different password for everything" is idiotic. Kids and adults would do better if given more realistic advice.

      IMO most people need about 3-5 passwords.
      1) primary email
      2) cell phone
      3) bank account
      4) things that sort of matter (credit card account, utilities)
      5) things that don't matter at all (most shopping sites, throwaway email, and others)

      In the end, I think the only credentials that truly matter are 1-3. In this era of forced 2-factor authentication using SMS, I'm not sure anyt

    • Most highschoolers will in fact hold a job during their highschool career. Almost a third of them have to in order to help support their family. (1-in-5 children live in poverty.) They might not have a traditional bank account, though many do, but lots of them use things like Venmo or Cash App that are banks in everything but regulations. They're also just as vulnerable as everyone else to identity theft.
  • My kid's kid's school wanted each kid's password written down where others could see it, plus they had a master list of all the kids' passwords.

    On the form I wrote "dad is a security professional. I make a living telling people not to write down passwords. She knows her password."

    Of course mom went ahead and added the password to the form, because she doesn't like to say no.

    She's seven years old now. I teach her that *I* really don't want to know her passwords. I can get in to her phone and computer, I tell

    • What are your thoughts on "magic links"? I can log into Slack, for example, by asking them to send me a link. I suppose it relies on the security of my email account, but most places that allow you to reset your website do anyway.
      • I think you've identified the main issue there - the security of the email account. I'd much prefer such links have a 10-minute expiration.

        They need to be cryptographically secure, so that someone can't look at their link and guess yours. Most of the time the vendors TRY to do that, but fail. Such as trying to secure it with an md5 hash. Those, and password resets, should be secured with a MAC, probably a SHA-256 based HMAC (not a sha256 hash).

        If the crypto is right, it's as secure as your email. The crypto

  • Too weak means they are easy to crack through primitive means. Too complex means people write them on sticky notes so whatâ(TM)s the point? My company uses smart card ID badges. Stick it in the slot on the computer = login. Pull the card out = log off. When youâ(TM)re logged in, you can access whatever apps emails etc without entering passwords. Thatâ(TM)s the type of thing that will work for most. Why donâ(TM)t we use it?

  • by Tablizer ( 95088 ) on Wednesday August 11, 2021 @02:43PM (#61681371) Journal

    http://wiki.c2.com/?EvolutionO... [c2.com]

    (I tried to paste it here, but the Lameness Filter balked)

    The problem is that the password file itself is too easy to get to. If it were in a special locked box* with throttling and an API that did only one thing well (passwords), then it would be very rare for hackers to be able to try a billion combinations against it.

    The password file doesn't belong on regular servers. With hardware-enforced retry throttling in place, the escalation of password complexity would end. It's the Vulcan thing to do.

    * Probably a mirrored pair of boxes to have a spare.

  • by Junta ( 36770 ) on Wednesday August 11, 2021 @02:45PM (#61681375)

    "Though you might assume children are the most tech-savvy generation out there"

    This no longer holds true for most people. People under 50 had to deal with technology at least from the moment their professional lives started, and people 40 and under grew up with it. That thinking held for the mid 80s through mid 2000s, where a lot of the adults got technology sprung upon them and had children that acclimated.

    If anything, technology has become simpler to use. Like always parents may not keep up with popular platforms as fads move interest around, but it's not because those platforms are difficult, it's just because adults have less interest.

    • by mjwx ( 966435 )

      "Though you might assume children are the most tech-savvy generation out there"

      This no longer holds true for most people. People under 50 had to deal with technology at least from the moment their professional lives started, and people 40 and under grew up with it. That thinking held for the mid 80s through mid 2000s, where a lot of the adults got technology sprung upon them and had children that acclimated.

      If anything, technology has become simpler to use. Like always parents may not keep up with popular platforms as fads move interest around, but it's not because those platforms are difficult, it's just because adults have less interest.

      This.

      Cars are a good example, my parents generation learned to drive with manual transmissions, no ABS, chokes, unreliable engines... My generation still had manual transmissions, no ABS although chokes were largely a thing of the past and engines were a bit more reliable. Current generations barely know what a car is doing as everything is hidden from them behind computer controls, automatic transmissions, squishy suspension and if anything goes wrong they just ring roadside assistance. They don't know

      • by Junta ( 36770 )

        Obligatory Car analogy probably works very well here.

        I wager that someone born around 1880 probably never got comfy with cars. Meanwhile someone born in 1910 was probably very comfortable with the ins and outs of cars and cars were probably perceived at the time as a young mans realm and wouldn't be surprised if young people being better with cars was still trotted out in the 40s despite probably not being the case anymore.

        And like you say, progressing to today where thanks to advancements that have mitigat

  • Their standards for password is 8 characters for a human, 6-64 for a machine generated one.

    From my experience, the best password is:
    Three words with a symbol besides space separating them, with some rule for capitalized letter (such as first, last, every first, every last)

    Example:

    Forget(Paris(John

    This is far easier to remember, practically impossible for a machine to guess, and your estranged wife will not automatically be able to guess.

    Random letters is guaranteed to be forgotten unless it is used a lot.

  • I don't assume that children are tech savvy. I figure they are juvenile and uneducated. Also, kids are dumb.
    • I don't assume that children are tech savvy. I figure they are juvenile and uneducated. Also, kids are dumb.

      More precisely, they think they're smarter and/or more experienced than (currently) they are -- or they simply want something and actual knowledge gets in the way.

      For example... I'm a systems programmer and systems administrator with 30+ years experience working on everything from PCs to Cray supercomputers at NASA Langley, the NYT and various defense contractors and I've had numerous arguments with my 14yo niece about how things like WiFi, networking and the Internet work and she thinks I'm wrong -- whi

  • But use a password manager! they say.

    Yeah. Ok. Except now if the company that has all your passwords stored on their servers goes belly up or gets dosd then you're hosed.

    A part of the solution is to have less valuable shit hidden behind your passwords. Then who the fuck cares if it gets hacked or cracked or stolen off your sticky note under your keyboard.

    2fa has its place but again makes for something more fragile than a password if you're relying on 3rd party infrastructure to make it work.

    • "Except now if the company that has all your passwords stored on their servers goes belly up or gets dosd then you're hosed."

      There's this exciting new concept that helps you deal with this called "backups". If you're not keeping a copy of your password manager's data file someplace completely independent of its primary location, you're being criminally negligent. If your password manager doesn't allow to easily make and access copies of its data file, you're using the wrong password manager.

      • I can do that. I can try to find one that works across machines and lets me use it on public terminals and doesn't do stupid shit like pass clear text or low security encrypted passwords around the cloud and everything else.

        Or I can refrain from giving my credit card and identifying information out to every facespace wannabe out there and keep posting under a pseudonym instead of my real name and just use a few passwords I can keep between my ears.

        • I would recommend against having a third party run your password manager program; just have them store the data file. I like Password Gorilla; runs on Linux, Windows, and MacOS. Android as well, but you'll have to sideload it. You could keep it on a USB key for running on a public terminal.

  • So how are people supposed to learn how to do it themselves. Average folks won't be reading NIST tech bulletins.

    We keep seeing applications, web sites, and computer "professionals" telling us to create goofy passwords that NIST nixed years ago. Capital, lower case, symbol, number, fuckoff. I put "professional" in quotes since actual professionals would know that phrases are better and easier to remember, so you don't have to write them down, and people won't be tempted to share as much because they will ha

  • Pick a "default" password, something fairly complex involving letters, numbers, symbols etc. Use this as-is on sites you don't give a holy shit about and could not care less about if hacked but which you will always remember. Of course, if it's a _really_ dumb site just use e.g. abc123 or something, who gives a shit.

    For sites more important where you will want to be able to login from memory, use the default password you chose but prefix/mod with something unique about the site. Could be e.g. first few lett

  • by PPH ( 736903 ) on Wednesday August 11, 2021 @03:34PM (#61681607)

    ... my dog's name.

    My dog is named %8Nk=14hD

  • You can't expect somebody to remember 200+ passwords for 200+ different sites. Either people must use a password manager to remember their passwords, and the issues of synchronising between machines (Chrome seems to do a good job here), or find a way to generate a strong password for each site which doesn't require remembering 200+ passwords, yet is repeatable, and not easily guessable even to someone who knows the method.

  • $ echo PinkFluffyBunnyAmazon | sha256sum | cut -c1-64 | xxd -r -p | base64 | cut -c1-16

    Then just pick a suitable passphrase for the PinkFluffyBunny part, and use the website name as the Amazon part, and you're done. Look Mummy, no storage required.

  • Isn't that how they designed touch ui? So easy even a retard err.. I mean child could use it? Most kids I know are not tech savvy at all, and parents who think a tablet and smartphone is complicated technology / their kid is a genius is kidding themselves. Actually, they built touch tech to be as addictive as possible too....
  • If we let go of this nonsense of having personal property then we don't need accounts or passwords to protect it. We've already taught children that there is no personal privacy, not much further to go before we reach utopia.

    • ... nonsense of having personal property ...

      I like your enthusiasm for communism but you're forgetting the down-side: If no-one owns it, no-one cares for it. Plus, there's no-one to nag the government "I don't have enough USP/profit/slaves/fascism" while pretending "you can be rich like me". That sounds like a good thing but the wealthy, lacking guns and soldiers, are more sensitive to civil disobedience and ensure the unwashed masses have just-enough (YMMV, see: boiling a frog) breathing room.

      ... we reach utopia.

      The strangest problem with 'no property' is reproduct

      • If no-one owns it, no-one cares for it.

        Make a law. Let's say an offence, such as not filling a car back up with fuel after you've used it, is treason.

        Plus, there's no-one to nag the government "I don't have enough USP/profit/slaves/fascism" while pretending "you can be rich like me".

        That's why most failed communist states have a special leader class that does own things and gets to make decisions. The best of the best would be the leaders. Of course this ground was already covered in Plato's Ship of State.

        Lenin had a dim view of an electorate with Bourgeoisie fantasies. But of course that's exactly how it played out.

        Does that 'personal' mean it's no longer her vagina

        That's the most logical next step. No personal property, no i

  • by Malays2 bowman ( 6656916 ) on Thursday August 12, 2021 @10:24AM (#61684327)

    The "password woes" issue keeps getting trotted out from time to time, but we are still using passwords for one simple reason: Nothing better has been thought up to replace it.

      Biometrics- this comes with a host of it's own problems when it comes to reliability/security and with ever increasing privacy concerns people are becoming more squeamish in using it.

    Dongles - people are only willing to use these for high security applications, and of course there is the issue of loss/theft

    Voice recognition? - big security hole right there.

    We are going to continue to use oasswords, and this is not going to change any time in the foreseeable future.

    • "Nothing better has been thought up to replace it."

      Wrong.

      Passwords are still in use because only worst thing to passwords is no passwords at all.

      On the other hand, passwords + 2FA exists and is far better, should be mandatory for any serious thing. (Whatever the second factor. OTP standar for instance offers plenty nifty solutions).

  • Working in IT for more than 20 years, having kids, I can tell you one thing : newer generations have mostly NO IDEA what tech is about.

    Bring them tik tok and emojis, fast reward for clicking on a bright color, THEY will assume they know.

    But they know even less than John Snow.

Business is a good game -- lots of competition and minimum of rules. You keep score with money. -- Nolan Bushnell, founder of Atari

Working...