That's the problem, though. If people didn't reuse passwords, if people didn't use words and personal information in passwords and if people had no problem changing them every day then a lot of problems with security would be solved. But those are not realistic expectations, and blaming users for not being computers does not solve the problem.
Slow hash functions certainly help, but I think we also need something that goes beyond straightforward cryptography to address authentication issues. Something that redefines the rules of the game to be more human-friendly and less computer-friendly.
But then again, I never even heard the question being phrased this way: what do we want from "program-less" authentication and what we can use to achieve it.