Another day, another batch of passwords swiped, re-used for attacks, or leaked to the public.
Today, it's Yahoo passwords that have been swiped. Best Buy passwords are being re-used for attacks. A month ago, LinkedIn had password issues. We've probably missed a few password security fiascos in between those security stops.
In 2009, a Google security wonk noted that passwords are useless, outdated and a security risk. Fast forward three years and you can slap an exclamation point on that statement.
Yet. Nothing. Ever. Happens.
The password system just won't die. I went to a meeting two days ago, hopped onto the guest Wi-Fi in the conference room and had to enter a password. That password was 0123456789. The password should have been "why bother." On the bright side, at least the company didn't use "password" as a password.
You know the drill by now. Users keep similar passwords across accounts to remember them. Number variations are the norm.
The quick solution to this password issue is an account manager. The problem is that these systems create a single point of failure.
But Ryan Naraine said it best: "These password managers are a single point of failure, but it's the best of a terrible world. The alternative is that everyone uses password123 for all sites."