Comment Re:wow, really? (Score 2) 51
I'd say there should be a path of not dealing with password rules by getting away from passwords.
I also say that the fact that PKI is considered annoying is a bit of a failure of the industrey to make it easier. Fundamentally, it's not a hard thing, but usability hasn't been high on the list.
Big problem in general is that you have some people on one side trying to get stuff done, but being woefully clueless about security, and then on the other side people who *only* care about security, failing to understand how they could make good security practices more frictionless in the use case. Then you have horrible things where the security people can't *possibly* review the whole body of work and there remain glaring issues while ugly bolt on of 'security' in awkward ways that make way less sense than it *could*.