Why even let users set their own passwords?
Why even let users set their own passwords?
TLDR:
Here is generated summary of the article:
- The author argues that passwords are not a secure way to authenticate users, and that websites should instead issue randomly generated passwords to users.
- The author points out that websites already do this for API keys, which are used to secure high-stakes applications.
- The author argues that this model of password issuance would be more secure than the current system, and would also simplify the login process for users.
- The author also discusses the limitations of TOTP-based two-factor authentication, and argues that it is not as secure as it is often made out to be.
Here are some of the key points from the article:
- Passwords are often weak and easy to guess.
- Users are often not good at choosing secure passwords.
- Websites often do not implement password best practices.
- TOTP-based two-factor authentication is not as secure as it is often made out to be.
- A more secure system would be to issue randomly generated passwords to users.
You're viewing a single thread.
You have to balance security with usability. Most users aren't gonna understand the flow of getting a randomly generated password, and they're just gonna write it down if they do. This is a delicate balance that all cybersec people know.
I’m aware of the balancing act. I just thought it was an interesting opinion piece that I myself don’t quite share. My words [will always be bracketed] to tell the difference. Thanks for offering a counter argument to this article!
I mean I was just offering my response. But I'll be sure to remember this one random guy will put his words in [brackets]