Improving security means killing the password, but that battle has just begun June 22, 2018 https://www.digitaltrends.com/computing/why-the-password-is-dying/
Many of these issues are being addressed in the new FIDO2 protocol. Yubi already has them out, but adoption is moving slowly.
Interesting stuff, so passwords should only be stored on devices? I think I like Hypr's approach. BTW, I've been thinking on how to secure online banking, I believe you should be able to register certain devices as trusted. This means that when you login from these devices (laptop, desktop, tablet or smartphone), you will need to enter a username/password and a one time password (OTP) that's generated by the device. Malware will not be able to intercept this OTP because it's protected by the CPU, see link. If your device is stolen, then that person still needs to know your password. If you want to login from some other non trusted device, the only way to login should be via your smartphone, which should provide the 2FA. https://www.pcworld.com/article/322...wo-factor-authentication-from-your-phone.html
