| ||
People hate passwords, particularly if theyre asked to choose good passwords and told to use a different one for each of their myriad of e-mail, online banking, instant messaging, and corporate and database accounts. Security experts hate passwords because people will use their kids names as passwords, or else write them down and stick them under the keyboard if theyre forced to use stronger passwords.
Sure, password-based authentication is a big catch-22 in that its pretty much impossible to build such a system with no risk. However, we seem stuck with passwords, not just because users demand them, but also because other solutions alone dont tend to be enough.
In some respect, pretty much any software system using passwords is a security risk. However, software developers arent off the hook. There are lots of ways that software can introduce additional risks, and even ways in which systems can reduce existing risks.