Are Passwords Useless?

Not quite useless. A former employee wanted to log into my office software to get contact info of people she knew. Her old password no longer worked. Game over. She was angry, but that was all it took to avoid a data breach. Not everyone has advanced hacking skills.

I have an I8 iPhone which uses biometric protection. I hate it because I can only log on to my phone about 50% of the time using the fingerprint reader. My thumb is so razed by working with wood and glue that it is usually rough. I am interested in any protection device that will truly protect from hacker invasion, so I keep reading.

I have some hope SQRL developed by Steve Gibson will gain some traction this year. See https://en.wikipedia.org/wiki/SQRL and https://www.grc.com/sqrl/sqrl.htm.

Passwords must be matched with the owners - for example Bill Gates' or Warren Buffet's bank accounts should have layer upon layer of validation. BUT in most of our cases who is going to target them SPECIFICALLY? I defy any scammer to long-hand phish my bank password - he would have had to know me from birth - otherwise it is going to take a decoder much much longer than the simple passwords that too many people do use? Then the criminal has to be in ACTUAL possession of my phone because a code valid for only 4 minutes is required to get into my account for transfering or stealing cash.

The problem I have with many of these 2F mechanisms is they want a mobile phone which I don't have and if I did have would not always have with me (if I go out somewhere I don't want to be contacted).

My bank provides a chip reader that I need to set up new payees or make large payments and I don't need to do that away from home.

Is "p1a2s3s4w5o6r7d8" without the quotes better?

Actually you have not quoted Arsenault as saying passwords are useless. You made that conclusion Bob.

Using a password manager, such as LastPass to create effecive passwords will solve any password issues you may encounter.

Of course the fools that use such simple passwords really just do not care about security.

My passwords are easy for me to remember phrases. The only problem is some sites don't allow spaces.

https://m.xkcd.com/936/

What @Mike said. Use a password manager such as LastPass or KeePass and create complex hard to guess passwords. Passwords are only useless if you create common easily guessable passwords like "monkey", "password", "qwerty" etc

Guess what the fail-safe method is in case of a failure with Microsoft's non-password biometric software/hardware (and it will)?
You guessed it - ironically, a PIN, or password.
Too funny!
Those not concerned with security will still choose weak passwords, and never periodically change them - unless forced to by an outside source.

I wonder what Lois Lerner's dog used as a password.

https://www.independentsentinel.com/lois-lerners-dog-sent-emails-conducting-irs-business/

KeePass is free. All your passwords will be unique, and something like (but utterly different from) "o381wAgSF6xovMSarhi2", but you will never have to remember, or even look at, any of them ever again. Logging in to (e.g.) Amazon consists of click 1 (to open KeePass); enter my only password; click 2 (to select Amazon from a list); click 3 (to open the login page); click 4 (to auto-fill user name and password. That's it.

It is effectively 2FA — it only works on a device which has has a copy of my password vault, and then only with my one master password (something fairly secure but easy for me to remember).

Did I mention that it's free?

I have e-mail access thru a local educational set-up which uses a modification of 2FA. However, it is set up so that someone who does not have a cell phone can use their system. The group calls my regular land-line phone and I key in a code which connects me with the e-mail account.

I

I predict that fingerprint verification will eventually result in some lost digits. Don't underestimate these crooks.

If you only have a cell phone (no landline), and if that cell phone is lost or stolen, does that mean that now you cannot log into any of your websites that requires 2-factor? What is the procedure then?

EDITOR'S NOTE: You'd get a new phone and assign your number to it.

I don't have a bank account, I don't do business online, I don't ever take my computer to public networks, I don't download anything that I don't know. 99% of all security and 'safety' features on Windows are completely fucking irritating and useless to me. I refuse to have a Microsoft account, they can shove their free year of office up their asses. I have NO USE for anything but freeware products, and I wish I wouldn't have had windows installed at all.