Every day in every way, passwords are getting worse and worse

Passwords turn 65 this year. They became a feature of computer users' lives in 1961, with MIT's Compatible Time-Sharing System (CTSS). Before then, sysops were real sysops. All jobs went through them, one at a time, and access by others was forbidden by laws written on blocks of stone.

There are many, mostly sysops, who consider the introduction of direct user access as an abomination that has brought plague and chaos. They may well be right. Nevertheless, we are now stuck with this godless world. Passwords have hit retirement age, yet show no signs of going away, voluntarily or forcibly. They are, unhappily, getting worse at their job.

In the past couple of weeks alone, three new wrinkles in password security have appeared. Too-clever-by-half compilers can optimize away protection against time-based password attacks, password managers that are supposed to be architecturally invulnerable to compromise are less than perfect after ...