Will Everyone Please Quit Bitching About Passwords?

The Wall Street Journal has yet another article today telling us how terrible it is that we’re all still using passwords:

“Passwords are awful and need to be shot,” says Jeremy Grant, head of the National Strategy for Trusted Identities in Cyberspace, a task force created by President Barack Obama in 2011 to bolster online security.

Despite all their flaws, passwords are so ubiquitous, cheap to use and entrenched in the architecture of websites and the rhythm of human behavior that efforts to supplant them have barely budged. “It’s the only piece of technology from 50 years ago we’re still using today,” says Brett McDowell, a senior Internet security adviser at eBay’s PayPal unit.

First things first: McDowell is wrong. We still use keyboards. We use monitors. We use hard drives. We use integrated circuits. Now, you might argue that we use way better versions of those things (except for keyboards, which inexplicably keep getting worse), whereas passwords are mostly just as primitive as they were in 1964. But that’s as far as you can plausibly go.

Anyway. Why do we still use passwords? Answer: for the same reason front doors still use simple locks. They may provide weak security, but they do provide some security, and they’re the only solution that’s both cheap and universal. So if you think it’s scandalous that we’re still using passwords 50 years after they were invented, then prepare to be even more scandalized by front-door locks. That technology is centuries old!

And then prepare to be even more scandalized, because none of the proposed replacements for passwords (fingerprint scanners, gesture identification, face detection, etc.) are either cheap or ubiquitous, and they’re not going to be anytime soon. No matter what your preferred solution is, it needs to become a standard and then get rolled out on every computer in existence. Please note: Not every PC. Every computer. Not every American computer. Every computer in the world.

So quit moaning about all this ancient technology. Passwords are going to be around for a while, no matter what the security gods of Silicon Valley would prefer. In the meantime, if you’re a user, use strong passwords. If you’re a corporation, encrypt your hash databases. If you’re a technology guru, put away the retinal scanners and alpha wave detectors and figure out a clever way to make passwords more secure. Passwords may be here to stay for a while, but they don’t have to be the Achilles’ heel of the entire internet.


Headshot of Editor in Chief of Mother Jones, Clara Jeffery

It sure feels that way to me, and here at Mother Jones, we’ve been thinking a lot about what journalism needs to do differently, and how we can have the biggest impact.

We kept coming back to one word: corruption. Democracy and the rule of law being undermined by those with wealth and power for their own gain. So we're launching an ambitious Mother Jones Corruption Project to do deep, time-intensive reporting on systemic corruption, and asking the MoJo community to help crowdfund it.

We aim to hire, build a team, and give them the time and space needed to understand how we got here and how we might get out. We want to dig into the forces and decisions that have allowed massive conflicts of interest, influence peddling, and win-at-all-costs politics to flourish.

It's unlike anything we've done, and we have seed funding to get started, but we're looking to raise $500,000 from readers by July when we'll be making key budgeting decisions—and the more resources we have by then, the deeper we can dig. If our plan sounds good to you, please help kickstart it with a tax-deductible donation today.

Thanks for reading—whether or not you can pitch in today, or ever, I'm glad you're with us.

Signed by Clara Jeffery

Clara Jeffery, Editor-in-Chief

payment methods

We Recommend