Posted in another Saidit discussion is this screen shot.
In it Kiwi Farms admits they were attacked and successfully breached. That's fine on its own. It happens, especially when you are a major target. But under the user impact statement the admin tells users they should assume their password was stolen.
But this admits they were storing the passwords in plain text or an ineffective form of hashing at best.
You cannot trust a website to store passwords correctly, no matter how much they understand that they would be a target or how big a company they are and ought to have the resources to be responsible. Look at how many corporate credit card leaks there have been. Each of them is a demonstration of how amateur data storage can be even when "professionals" are hired.
The answer is that we should not encourage a security model that requires users to give us something that might be valuable if taken from us if we can help it. Identifying who someone is in a verified way is not a new concept to people in tech. There is a right way to do it (if not several) and passwords are not it. We only continue to use them because the shock of moving to an alternative would be jarring to the average internet user. All sites are marketed and so no site wants to implement anything that would be jarring to a user even if that means putting their security interests last.
The correct solution is cryptographic signatures. It doesn't require OAuth, which has its own problems, especially for privacy. And it means you are giving out exactly zero data that could allow someone to spoof you.
But wouldn't that require a second piece of software that users don't want to use? Well, if you are doing passwords correctly you are using a password manager, and so you are already using a second piece of software. To the degree that a password manager can be added to a browser to simplify its use, so too can a key manager. Second, there would be no store of a large list of unique passwords to keep synchronized across multiple computers, often requiring your password manager to act as a middle man (scary). Instead one key would be all that would need to be mirrored across all devices, and it would cover all sites, so no continuous synchronization is needed. If you want identities across sites to be unique, a single key can be used to generate an unlimited number of other keys, using the website as a muse for how to derive the daughter key, so you still need no continuous synchronization or third-party facilitators.
But no site wants to be the first to scare users by asking them to participate in their own security, nor do they want to give up the alternative "solution" of OAuth that helps them compromise user privacy and participate in data mining. The other reason why OAuth / two-factor authentication is a non-solution is that it helps facilitate the ability to cut people off from services at will. If they can cut your phone or cut your email you lose everything, and you lose it much faster than if they did that to you now.
Why tell this to people who mostly don't build websites and mostly use them? Because when you see a company doing the right thing and getting rid of passwords (if they are swapping them for signatures), it helps if consumers understand that they are the good guys for it and don't get angry. That fear of consumer anger is what prevents things from actually being secure.
Also, demand that website owners store passwords better. @magora. We're not cleartext here are we?
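The signature-based login and per-site key derivation described in the post above, written out as an added example; this is not code from the original post, from Kiwi Farms or from Saidit. It assumes Go's standard-library crypto/ed25519 for the signatures and HMAC-SHA256 as the derivation function that turns one master secret plus a site name into that site's "daughter" key; the user name "alice", the site names example.org and other.example, and the master secret are all constructed for the demonstration. It goes a little beyond the post in two places a practitioner would want: the server binds each challenge to its own site name and a fresh random nonce, and it discards the challenge once used, so a captured signature cannot be replayed at the same site or presented to a different one. The server stores only public keys, which is exactly the "zero data that could allow someone to spoof you" property the post is after.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// DeriveSiteKey turns one master secret into a per-site Ed25519 key.
// HMAC-SHA256 with the master secret as the MAC key and the site name as
// the message yields a 32-byte seed, which is ed25519.SeedSize. Only the
// master secret needs to be mirrored across devices; every site key is
// recomputed from it on demand, and no site can learn another site's key.
func DeriveSiteKey(master []byte, site string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte("site-key:" + site))
	seed := mac.Sum(nil)
	return ed25519.NewKeyFromSeed(seed)
}

// Server is a hypothetical site. It stores public keys only, never a
// password hash, and tracks one outstanding challenge per user.
type Server struct {
	Site    string
	users   map[string]ed25519.PublicKey
	pending map[string][]byte
}

func NewServer(site string) *Server {
	return &Server{
		Site:    site,
		users:   map[string]ed25519.PublicKey{},
		pending: map[string][]byte{},
	}
}

// Register stores the user's public key for this site.
func (s *Server) Register(user string, pub ed25519.PublicKey) {
	s.users[user] = pub
}

// Challenge returns the message the client must sign: the site name, so
// a signature made for one site is meaningless at another, plus a fresh
// random nonce, so an observed signature cannot be replayed later.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.users[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	msg := append([]byte("login:"+s.Site+":"), nonce...)
	s.pending[user] = msg
	return msg, nil
}

// Login verifies the signature over the outstanding challenge and consumes
// the challenge, so the same signature cannot be presented twice.
func (s *Server) Login(user string, sig []byte) bool {
	msg, ok := s.pending[user]
	if !ok {
		return false
	}
	delete(s.pending, user)
	return ed25519.Verify(s.users[user], msg, sig)
}

// ClientSign is the entire client-side work at login time.
func ClientSign(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

func main() {
	// Constructed master secret; in practice use 32 bytes from crypto/rand.
	master := []byte("constructed master secret for the demonstration")
	alice := DeriveSiteKey(master, "example.org")
	aliceElsewhere := DeriveSiteKey(master, "other.example")
	fmt.Println("example.org pubkey:  ", hex.EncodeToString(alice.Public().(ed25519.PublicKey)))
	fmt.Println("other.example pubkey:", hex.EncodeToString(aliceElsewhere.Public().(ed25519.PublicKey)))

	srv := NewServer("example.org")
	srv.Register("alice", alice.Public().(ed25519.PublicKey))

	ch, _ := srv.Challenge("alice")
	sig := ClientSign(alice, ch)
	fmt.Println("fresh signature accepted:   ", srv.Login("alice", sig))
	fmt.Println("replayed signature accepted:", srv.Login("alice", sig))

	ch2, _ := srv.Challenge("alice")
	fmt.Println("other site's key accepted:  ", srv.Login("alice", ClientSign(aliceElsewhere, ch2)))
}
```

Even a full dump of this server's tables gives an attacker nothing to log in with, which is the difference from a password database: a stolen public key is useless without the private key, and the private key is derived on the client and never sent anywhere.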