Passwords have long been the linchpin in the machinery protecting our online accounts. Increasingly, they are seen instead as a weak link—one that some companies want to do away with entirely.
Following the current advice on how to securely log in to our accounts can feel like trying to keep up with how many blades are on the latest disposable razor. The guidance has changed over the years, from simple, memorizable passwords to unpronounceable strings of characters customized for each account, and stored in password managers. Most recently, we’ve been admonished that every login needs a second proof of identity, known as two-factor authentication—usually a number sent by text or email.