[nashashmi]

> Maybe most people can't be trusted with creating and using passwords. … Microsoft's approach here [passwordless] (quite similar to many other companies) may be too risky for the general population.

Thirty years have been spent incrementally improving password logins. The amount of education the public has endured on password and login security is staggering. And yet even after all this, we assess the measures insufficient to login security?

I am referring to even the advanced security crowd. How can they recover access when all devices are lost? Passwords are the only self reliant way back. Secondary email addresses are the next way. Phone number is a third way. Social network is a fourth way. But a disaster can eliminate the second, third, and fourth way all in one shot. Password remains the most important recovery tool.