Hacker News
by jechamt 2685 days ago
I really think it's counterproductive to downvote posts such as this one. Effective security absolutely must be based around user experience - your application needs users, and if you give them friction, they will vote with their feet. It's not about an emotional decision or stubbornness or unwillingness to learn, it's a statistical inevitability.

I'm confident experienced security professionals know this idea well: I'd posit that no one hates passwords more than the person who has to design the training explaining to everyone why they need to use unique passwords, of a certain length, of a certain complexity, and how the risk behind those changes in different environments. I hope mostly everyone would agree passwords are a terrible security solution. So if somebody wants to post that's how they feel about this, and their experience with a solution to get away from passwords, or minimizing them, let's have a discussion about what better options are out there (as some have already done in this thread).

In my view, the most important posts in the discussion of user-accessible security management are these posts that identify what makes every user need to be a hashing expert to select and manage the ever-expanding repository of account credentials we have today.