Stop-password-choice

Over the past month I have been asking myself: why have we ever allowed
people to choose passwords?

A LITTLE INTRODUCTION

Over the last years the headlines were filled with articles about people using
terrible passwords. Not surprising, as we have created a terrible password
culture. Firstly, default passwords are often terrible examples. Then we started
demanding that people make complex passwords, which resulted in the same madness
because users started substituting l=1, e=3, or swapping letters for symbols.
None of this is helpful in terms of security. Password complexity has also
annoyed many people, which does not contribute to a willingness to adopt better
security standards.

Generally speaking, complexity isn't as relevant as experts have made it sound;
the entropy and length of passwords are much, much more important.

The same problem arises with mandatory password changes. While changing the
password actually does benefit security for multiple reasons, users have never
adopted it well. They started to add years to their passwords, or to reuse
variations of the same combinations of things they can remember from their
lives. Think about what you use yourself: birthdays, addresses, names of
children or pets? All very easy to guess.

THE CHANGE ISN'T DOING ENOUGH...

Throughout the last year more institutes like the NCSC have instructed people to
use passwords made of random words, so-called diceware passwords. But who
follows this advice? The answer is: not enough people do. Criminals will always
use the easiest way in. So do all your employees pick good passwords? I highly
doubt it.

...AND IT NEVER WILL BE

This all made me question why vendors decided to allow people to set a password
in the first place. What if we just gave users 3 'randomly' created words? Why
should there be room for choice? I could not find a satisfying answer.
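
The vendor-assigned passphrase described above, as an added example that is not part of the original post: the words are drawn with a CSPRNG and the resulting entropy is reported, which depends only on list size and word count. The sample word list, the function names and the `-` separator are assumptions made for illustration.

```python
import math
import secrets

# Constructed 32-word sample so the block runs offline. A real deployment
# would load a large published list (a five-dice diceware list has 7776 words).
SAMPLE_WORDS = (
    "anchor", "basket", "candle", "desert", "ember", "falcon", "garden",
    "harbor", "island", "jacket", "kettle", "lantern", "meadow", "nickel",
    "orchid", "pepper", "quartz", "ribbon", "saddle", "timber", "umbrella",
    "velvet", "walnut", "yonder", "zipper", "bridge", "copper", "dragon",
    "fabric", "glacier", "hammer", "marble",
)

def validate_wordlist(words, sep="-"):
    """Normalise the list and reject defects that silently lower entropy."""
    cleaned = tuple(w.strip().lower() for w in words if w.strip())
    if len(cleaned) < 2:
        raise ValueError("word list too small")
    if len(set(cleaned)) != len(cleaned):
        raise ValueError("duplicate words make some outcomes more likely")
    if any(sep in w for w in cleaned):
        raise ValueError("a word contains the separator")
    return cleaned

def entropy_bits(list_size, n_words):
    """Bits of entropy for n_words drawn uniformly and independently."""
    return n_words * math.log2(list_size)

def words_needed(list_size, target_bits):
    """Smallest word count that reaches target_bits for this list size."""
    return math.ceil(target_bits / math.log2(list_size))

def assign_passphrase(words, n_words=3, sep="-"):
    """Vendor-side assignment: the words are drawn for the user, not by them."""
    words = validate_wordlist(words, sep)
    # secrets.choice uses the OS CSPRNG and avoids modulo bias.
    chosen = [secrets.choice(words) for _ in range(n_words)]
    return sep.join(chosen), entropy_bits(len(words), n_words)

if __name__ == "__main__":
    phrase, bits = assign_passphrase(SAMPLE_WORDS)
    print(f"{phrase}  ({bits:.1f} bits with this tiny sample list)")
    print(f"3 words from 7776: {entropy_bits(7776, 3):.1f} bits")
    print(f"words for 64 bits from 7776: {words_needed(7776, 64)}")
```

The entropy figure only holds when the user cannot reroll or pick among candidates, which is the point of removing choice.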

And yes, obviously a better way to go is to use passkeys.

Calling on all vendors: we should stop this.

End user choice of passwords today!
