
Passwords Are Obsolete - bluu00
https://medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb
======
thesuperbigfrog
>> Passwords are obsolete because of email and SMS. Specifically, the ability
to send an email or SMS to users reliably and quickly.

>> The basic idea is that instead of using a password to authenticate each
user, a temporary secret code is sent to them over a secure channel. Email or
SMS is that (mostly) secure channel.

Email is not secure and trivial to spoof. Most users use a password to
authenticate their email account. Unless you have a private key system in
place, how do you get access to your email so you don't need passwords?
(bootstrapping problem)

SMS is not secure. SMS-jacking is a serious problem that has been used to
commit fraud and take over user accounts. Do not use SMS as a form of multi-
factor authentication.

More factors are better, not less. Ideally, something you have (a token),
something you know (a password or PIN), and something you are (biometrics).
Defense in depth is effective, so use it.

