Passwords are hell.
Worse, to make your hundreds of passwords safe as possible, they should be nearly impossible for others to discover—and for you to remember.
Unless you’re a wizard, this all but requires using a password manager.†
Think about how hard that job is. First, it’s impossible for developers of password managers to do everything right:
- Most of their customers and users need to have logins and passwords for hundreds of sites and services on the Web and elsewhere in the networked world
- Every one of those sites and services has its own gauntlet of methods for registering logins and passwords, and for remembering and changing them
- Every one of those sites and services has its own unique user interfaces, each with its own peculiarities
- All of those UIs change, sometimes often.
Keeping up with that mess while also keeping personal data safe from both user error and determined bad actors, is about as tall as an order can get. And then you have to do all that work for each of the millions of customers you’ll need if you’re going to make the kind of money required to keep abreast of those problems and providing the solutions required.
So here’s the thing: the best we can do with passwords is the best that password managers can do. That’s your horizon right there.
Unless we can get past logins and passwords somehow.
And I don’t think we can. Not in the client-server ecosystem that the Web has become, and that industry never stopped being, since long before the Internet came along. That’s the real hell. Passwords are just a symptom.
† We need to fix that Wikipedia page.