toot.cat is one of the many independent Mastodon servers you can use to participate in the fediverse.
On the internet, everyone knows you're a cat — and that's totally okay.

@kyle@librem.one TL;DR: I disagree, passwords failed for intrinsic reasons, not any specific party's (or parties') implementations

Passwords were developed for a vastly simpler world. I think we really need to go back to first principles, and determine:

  • What we expect passwords to provide.
  • What the risks are.
  • What the alternatives are.
  • What the landscape / terrain / participants are, and what affordances these provide.

In particular, Fernando Corbato was solving a problem for a very limited-access facility with limited connectivity. The solution he devised for the 30 or 300 people inside that physical space wasn't appropriate for the 3 billion outside (this was 1960), but those 3 billion had very little opportunity for access.

Today, 5--10 billion people have immediate access to many online systems. If we consider nonhumans potentially accessing systems, that count likely increases by a few more orders of magnitude. Passwords somewhat work within a spatially-constrained space, not in a global one. Global data systems have a fundamentally different data / security "physics".

Corbato came to think passwords were a nightmare, and that they were designed "to protect against casual snooping":

welivesecurity.com/2014/05/23/

I share your concerns for hegemonic appropriation of identity. But in a , I think the assessment that passwords are themselves a problem is correct.

old.reddit.com/r/dredmorbius/c

  • What's the problem?
  • What's the root cause?
  • What's the goal?
  • How do we get there from here?
  • Who needs to help, or get out of the way?
www.welivesecurity.com: Password inventor says his creation is now “a nightmare” | WeLiveSecurity