Passwords "were" just easy. Right now due to the restrictions on password choice, and before mentioned brute-force techniques and leaks, they are not easy anymore. My bank keeps asking me to change my password every 3 months, doesn't let me use any password that I used in the past. In order to do that check, they have to store my previous passwords as well. In case of a leak, not only I'll lose my current password data but also all the previously used passwords which I might be using for different banks at the time because different banks also keep asking me to change my password.
Google does a good thing here I guess, they first authenticate your mobile device, and whenever you signup from a new device or have a suspicious activity, they ask you to confirm the action from your mobile device. It doesn't take any longer than 10 seconds to verify the authentication and move on.
At the end, the reason why we have passwords is to authorize the user. However, current solutions are evolving based on a solution we found in the past, and assuming it's still the easiest/best solution. I believe if we focus on the problem, we can come up with better and more secure solutions.
_______________________________________________ The cryptography mailing list cryptography AT metzdowd.com https://www.metzdowd.com/mailman/listinfo/cryptography