Passwords are fine (Score 1)
as long as they're used correctly, both by the user and the system, and that they correspond to the amount of security a particular system requires. That includes the usual refinements such as salting, proper storage, moderate to high strength, etc. Saying that passwords are weak is like saying that hammers are dangerous. Tools, when used properly, will do the job.
I've used an online banking system that required entering a password, selecting an image and answering a question before being able to log in. These three systems in themselves are not particularly foolproof, but used together (and correctly) make for good security. Other systems also include a hardware token.
Exploits exist for routers and firewalls. Put more than one layer and getting in gets more difficult. Passwords are only one of many security schemes that exist and not all systems require the same amount of security. I'm quite happy Slashdot doesn't need as many security elements as my bank does to log in.
When articles about passwords come up, the usual rant is mostly against users choosing weak passwords or writing them down. In cases where the security of an account is compromised, the user, that is, the customer, should never be blamed. It is the responsibility of the system to pick a suitable security scheme, enforce it and take all possible measures to avoid leaking the data. Blaming a customer for choosing hunter2 as a password and getting hacked is ridiculous. It's like blaming the customer for "excessive bandwidth" while using their 100Mbit/s line. Users will take what you give them.
You want strong security? Implement it. You don't need it? Stick with passwords.
Stop blaming the users.