Help shape our next Random but Memorable episode for World Password Day! 🎙️

Bill Burr's advice on choosing passwords in 2003's NIST Special Publication 800-63 Appendix A (which he subsequently regretted and which was recently revised) resulted in decades of suffering.

1. Why should we trust current advice?
2. Why is the current best advice so inconsistently and poorly implemented?
3. Given how all our credentials are being constantly pwned , data purloined, cookies raided, links clicked, malware deployed, privacy violated, and time and attention wasted on hoop-jumping while brute-forcing logins is almost an anachronism, why not just use pɑssword1 everywhere? It has never been pwned.

Bonus controversial question:

      Passkeys remain more a platform capture tool than authentication method, so for how many more decades will we suffer in this password purgatory?