[Cryptography] passwords, or not

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Apr 6 04:41:38 EDT 2021


John Denker via cryptography <cryptography at metzdowd.com> writes:

>Why not just incorporate this into browsers?

That's not how browsers work.  You never fix anything, you invent something
new (with its own set of problems) because you know better than anyone else
how to do stuff.  In particular for browsers, and I'm using Netscape
Navigator/Firefox since that's open in front of me, everyone knows passwords
are insecure and so the password manager interface for whatever the current
version of Firefox is is identical to Netscape Navigator from a quarter of a
century ago, with only minor changes to the UI to fit the rest of Firefox.
Instead, browser vendors have run endless iterations of trying to invent new
password-replacement protocols and then sitting back and waiting for the ocean
to boil around them.

So we're now in the same worst-of-both-worlds situation as we are with nuclear
reactors: no-one wants to build new, safe reactors because it's too onerous,
but since we're so heavily dependent on nuclear power we're continuing to run
old, well-past-end-of-life, unsafe reactors for the foreseeable future.

For authentication schemes, anyone proposing yet another boil-the-ocean
approach should have to read Bonneau, Herley, van Oorschot and Stajano's "The
Quest to Replace Passwords", and be able to explain why their pet idea
satisfies all of the requirements set out there for a protocol to supplant
passwords.  So far, nothing even comes close.

Which is why we're still using passwords everywhere.  The solution is to fix
passwords (and it's not like we don't have vast amounts of research showing us
how to do this), not to invent yet another boil-the-ocean protocol that will
never see any real uptake because it fails to meet most if not all of the
requirements in the cited paper.

Peter.