
Passwords Are BAD

Passwords are awful.

Unfortunately, they are the "least worst" solution to the problem of authentication in most cases.

Sure, there are lots of other authentication methods out there, each with their own problems, which (on balance) usually end up making them worse:

  • Face ID suffers from false positives (allowing others to impersonate you) - basically you need the right equipment and a picture from Facebook. It also suffers from false negatives (where it fails to authenticate you) - I can imagine it will not work well after you've been beaten up either: Good luck calling for help.

  • Fingerprints are not secure - you give them away all the time. And you can't change your fingerprint once somebody else has a copy.

  • Retina scans are also insecure. And very impractical to change, once leaked.

  • Hardware tokens are nice, but few people have them. They have a non-zero cost. And people tend to lose them. Or they run out of battery. People cannot even keep house keys and car keys safe!

My main objection to passwords is in the name:

passWORDS

Calling them passWORDS will unconsciously guide people to thinking of WORDS. And words are (mostly) quite short[1]. And guiding people towards short passwords is bad - because short passwords are simply not secure enough for today's world.

For passwords, length is everything.
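The arithmetic behind that claim, as an added example that is not part of the original post. It assumes every character or word is picked uniformly at random (human-chosen secrets carry less entropy) and an offline guess rate of 10^10 per second, a figure constructed for illustration.

```python
import math

# Assumed attacker speed against a fast hash (constructed figure, not a measurement).
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of `length` items drawn uniformly at random from `symbols` choices."""
    return length * math.log2(symbols)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected years to find the secret: half the search space at `rate` guesses/s."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def min_length(symbols: int, target_bits: float) -> int:
    """Smallest number of items needed to reach `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(symbols))


# (description, alphabet size, length) - all constructed sample policies.
CANDIDATES = [
    ("8 lowercase letters", 26, 8),
    ("8 printable ASCII characters", 95, 8),
    ("16 lowercase letters", 26, 16),
    ("5 words from a 7776-word list", 7776, 5),
]


def compare():
    """Return (description, bits, years) for each candidate policy."""
    rows = []
    for name, symbols, length in CANDIDATES:
        bits = entropy_bits(symbols, length)
        rows.append((name, bits, years_to_exhaust(bits)))
    return rows


if __name__ == "__main__":
    for name, bits, years in compare():
        print(f"{name:32s} {bits:5.1f} bits  {years:10.3g} years")
    # Length needed for an 80-bit target under each alphabet.
    for symbols in (26, 95, 7776):
        print(f"alphabet {symbols:5d}: {min_length(symbols, 80)} items for 80 bits")
```

Going from lowercase to the full printable set at 8 characters adds about 15 bits, while doubling the length of the lowercase-only secret adds about 38.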

Please: can we find a different word to describe the "password" concept? Something that encourages longer secrets. We could call them ... something like:

  • Identity Challenges
  • Passphrases
  • Pass Sentences

Ideas on a postcard. Or an email. I'm trying to change the world here, and I'm failing badly ...


  1. Most words. Obviously there are exceptions like Taumatawhakatangihangakoauauotamateaturipukakapikimaungahoronukupokaiwhenuakitanatahu, Antidisestablishmentarianism or Supercalifragilisticexpialidocious.