Everybody knows that most passwords will remain unchanged. Yet our collective response to Heartbleed has been to patch our servers and email users asking them to do something we know most of them won’t do.
Here’s what our response should have been:

    ALTER TABLE users DROP COLUMN password;

It turns out that passwords are obsolete, and they have been for a long time. Like the occasional pay phone you find in the back of a run-down restaurant, passwords have been unnecessary for years. The difference is that everyone laughs and reminisces when they see a pay phone, but nobody does that when they see a password field. But they should.
From “Passwords Are Obsolete, and they make Heartbleed a thousand times worse.” Interesting and worth a read.