The death of passwords

[DuncanM]

As well as the 60 day expiry and the stupid password rules for logging into a laptop, our VPN uses <stuff>.

[Kim]

Plus, it's entirely reasonable to link your phone's SMS capabilities to your Proper Computer using one of the many ways of doing so, for ease of keyboarding / URL clicking / etc.  Which means that if someone manages to compromise your Proper Computer, they've got both...

[ian]

One of the many ironies of computer security is that vast amounts of effort are invested in annoying normal users who are never going to be the subject of any password attack and if they are, enjoy their family pictures and a couple of meaningless spreadsheets.

[Lightning Phil]

Most modern systems should be able to do a sign of life check on this so that amputating a finger should not work.

The iPhone fingerprint reader doesn’t work if you’ve been eating crisps, or doing the washing up. 

[ian]

It also doesn't work if space rays have turned you into an amoeba. Though admittedly you might have more pressing issues.

[citoyen]

Then you've got the rules applied to "Memorable Questions". So my mother's maiden name can't be O'Brian or my grandfather's first name can't have fewer than 5 letters? Let me go back and change my parents for you.

Precisely what I did. My mother’s maiden name has too few letters to be secure as a password, so I adopted someone else’s mother instead.

Don’t know what I’ll do if they ever ask for proof…

[citoyen]

I don't like 2FA either, as that depends on your phone or email and they could stop working at any time. And there is no law that everyone must have a phone or email address.

I don’t mind using my phone for 2FA. What irks me is needing to use my *personal* phone for 2FA on *work* logins.

(See also: having to install an app on my personal phone to be able to use the office printer.)