by georgemcbay 5058 days ago
"Now, one fine day somecrappysite.com gets hacked. The next time you visit, the web page has malicious code that sends your password in plaintext to someone. There go your Paypal funds, your Facebook account, your online life."

What an optimist! somecrappysite.com was probably storing your password in plaintext to begin with and it probably got pulled from the database long before you logged in again.

Having said that, this is an absolutely terrible solution for real-world usage because it inhibits people who are already security-savvy from using better solutions like Stanford pwdhash or similar methods.

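The per-site derivation the comment points to (Stanford PwdHash and similar tools) is easy to show in code. The block below is an added illustration, not the commenter's code and not the real PwdHash algorithm (which uses HMAC-MD5 and its own encoding); the PBKDF2-SHA256 construction, the iteration count and the hostname-as-salt choice are assumptions made here to demonstrate the property the comment relies on: the string somecrappysite.com stores is useless at PayPal and does not reveal the master password.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Constructed example of a PwdHash-style per-site password derivation.
# Assumed parameters: PBKDF2-HMAC-SHA256 with the site hostname as salt.
# Not the actual Stanford PwdHash algorithm.

PBKDF2_ITERATIONS = 200_000   # assumed cost; slows offline guessing of the master


def site_id(url: str) -> str:
    """Reduce a URL to the hostname the derived password is bound to.

    Simplification: keeps the full hostname, so foo.example.com and
    example.com get different passwords. A lookalike phishing host also
    gets a different password, which is why the derivation keys on the host.
    """
    host = urlsplit(url if "://" in url else "https://" + url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return host.lower()


def derive_site_password(master: str, url: str, length: int = 16) -> str:
    """Derive a site-specific password from the master password and the site.

    Deterministic, so nothing has to be stored anywhere; the site only ever
    sees the derived value, never the master.
    """
    key = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),
        site_id(url).encode("utf-8"),   # the site acts as the salt
        PBKDF2_ITERATIONS,
        dklen=24,
    )
    # URL-safe base64 keeps the result printable for any login form.
    return base64.urlsafe_b64encode(key).decode("ascii")[:length]


def leaked_password_is_isolated(master: str, leaked_from: str, other: str) -> bool:
    """Model the breach in the quoted paragraph: the site leaks whatever it
    stored for this user (even plaintext). The leaked string is neither the
    master password nor the password for `other`."""
    leaked = derive_site_password(master, leaked_from)
    return leaked != master and leaked != derive_site_password(master, other)
```

The limitation is the one the first comment raises: if somecrappysite.com stored the derived password in plaintext, the attacker has that site's password regardless; the derivation only confines the damage to that one site and makes recovering the master an offline PBKDF2 guessing job rather than a lookup.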

Right, but those people are the one percent. How do we help the vast majority?
Other than education and pushing them to use a secure password manager, I'm not sure, but the solution shouldn't involve breaking existing and secure systems which are widely used even if only by a minority of users.
"widely used by a minority" <- you made my point.
Not really.

The proposed solution adds little to no real world security (see my other post about how easy it would be to guess which part is the random one which makes this system not useful unless almost all sites use it, which will never happen). Given little to no real world security gain from the described system, it certainly isn't worth breaking an existing system that works just fine and securely even if for just a minority of people.

Find a way to push for challenge-response authentication with a token that can be put onto a USB key. No, it's not easy to change the infrastructure to handle it, but IMO, it's the best chance to have secure authentication.

"This USB key is your identity card." is a simple concept to understand, and better than a password.
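The challenge-response login the last comment argues for, written out with both sides of the exchange. This is an added example, not code from the commenter or from any real token product. It assumes a symmetric per-site secret and HMAC-SHA256 so that it runs with the standard library only; real hardware tokens use an asymmetric key pair so the server stores only a public key, but the properties shown (the secret never leaves the token, each challenge is single-use, and the response is bound to the site the browser is really talking to) are the same.

```python
import hashlib
import hmac
import secrets

# Constructed model of a USB token doing challenge-response login.
# Assumption: one HMAC secret per enrolled site, held only on the token and
# the server. Real tokens use asymmetric keys; the protocol shape is the same.


class Token:
    """The USB key. Secrets are generated on the device and never exported
    except at enrolment (a real token would hand out a public key instead)."""

    def __init__(self) -> None:
        self._secrets: dict[str, bytes] = {}   # site_id -> secret

    def enroll(self, site_id: str) -> bytes:
        secret = secrets.token_bytes(32)
        self._secrets[site_id] = secret
        return secret

    def respond(self, site_id: str, challenge: bytes) -> bytes:
        # The browser tells the token which origin it is on; the answer is
        # bound to that origin, so a relayed challenge answers for the wrong site.
        msg = site_id.encode() + b"|" + challenge
        return hmac.new(self._secrets[site_id], msg, hashlib.sha256).digest()


class Server:
    """The relying site. Issues a fresh random challenge per login attempt
    and accepts a response exactly once."""

    def __init__(self, site_id: str) -> None:
        self.site_id = site_id
        self.users: dict[str, bytes] = {}     # username -> enrolled secret
        self.pending: dict[str, bytes] = {}   # username -> outstanding challenge

    def register(self, user: str, secret: bytes) -> None:
        self.users[user] = secret

    def begin_login(self, user: str) -> bytes:
        challenge = secrets.token_bytes(16)
        self.pending[user] = challenge
        return challenge

    def finish_login(self, user: str, response: bytes) -> bool:
        challenge = self.pending.pop(user, None)   # single use: consumed here
        secret = self.users.get(user)
        if challenge is None or secret is None:
            return False
        expected = hmac.new(secret, self.site_id.encode() + b"|" + challenge,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def honest_login() -> bool:
    token, bank = Token(), Server("bank.example")
    bank.register("alice", token.enroll("bank.example"))
    challenge = bank.begin_login("alice")
    return bank.finish_login("alice", token.respond("bank.example", challenge))


def replay_attack() -> bool:
    """An eavesdropper captured one valid response and replays it later."""
    token, bank = Token(), Server("bank.example")
    bank.register("alice", token.enroll("bank.example"))
    challenge = bank.begin_login("alice")
    captured = token.respond("bank.example", challenge)
    assert bank.finish_login("alice", captured)   # the genuine login succeeds
    bank.begin_login("alice")                     # attacker opens a new attempt
    return bank.finish_login("alice", captured)   # old response, new challenge


def phishing_relay() -> bool:
    """A lookalike site relays the bank's challenge to the victim in real time.
    The user's browser is on evil.example, so that is the origin the token
    binds its answer to."""
    token = Token()
    bank, phisher = Server("bank.example"), Server("evil.example")
    bank.register("alice", token.enroll("bank.example"))
    phisher.register("alice", token.enroll("evil.example"))
    challenge = bank.begin_login("alice")             # phisher fetches this
    relayed = token.respond("evil.example", challenge)
    return bank.finish_login("alice", relayed)        # bank rejects it
```

The point the example makes against the password-based schemes discussed above: a compromised somecrappysite.com learns nothing reusable, because the server holds only an enrolment value and each login answers a one-time challenge, and a phishing relay fails because the token answers for the origin the browser is actually on rather than for the site that issued the challenge.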