What else would you use? Biometrics are expensive, and far less secure than passwords in most instances. Besides, once you have that information, it will get converted to a hash (same as a password) so you're really stuck with the same problem from a hacking point of view. And once somebody figures out the rainbow table for your retina, what are you supposed to do, change your retina?
Two factor auth is really the best way, and although it's kludgy, it provides the best protection. And it includes a password.
Some implementations are, but the concept is sound and can work smoothly. Your second factor could be a smart card or a USB dongle that's simply plugged in. Like an ATM, especially European ones.
Wouldn't it be cool if the second factor was something that was passive on your part. Something like an NFC on your phone, where the NFC "bubble" is boosted just enough that you don't need to pull it out of your pocket but isn't too large.
No, that's a bad idea. Requiring a positive action is better than passively scanning.
One of the big problems with automated online systems is that the user often has no chance to notice that something is going wrong. Giving them a chance to notice anomalies improves security.
E.g. I'll know if my house is broken in to, unless it's done by the very best (funded). OTOH someone could be copying my harddrive as we speak, and in many cases I'd have no idea.
you do realize this is the ministry of defense, right? they have budget and need. a clear cut case for better security needs than almost anyone. and they also have a history of saying "damn the usability" in the pursuit of their security goals.
some open source projects have better security, it seems, than the MOD. wtf? talk about an asymmetric world.
hardware tokens and/or biometrics (depending on the system they need access to). soft tokens (e.g. mobile devices) for low-sensitivity systems. widely available COTS laptops have fingerprint scanners, ffs.
given the nature of the work the system shouldn't be comprisable if a picture of a password gets out, which is suggested in this case. (the fact that it was written down suggests other failings, yes, in all sorts of areas.) your objections (cost, usability, etc), in this case, are pretty weak when you consider the sensitivity of the assets being protected.
soft token-based two factor auth is a growing commodity. key-based auth is commonplace now, and is recognized as strong. finally USB-tokens are also COTS at this point. given that a major government agency which supposedly knows a lot about security got hosed by this, i would expect the market to lag, not lead, security practices.
Laptop fingerprint scanners usually work by just storing the windows password in the registry (under reversible encryption). I'm not sure that's really a security enhancement.
And every one of your examples uses passwords in conjunction with a second factor, or uses biometrics which is a heavily flawed idea as I previously pointed out. Your answer does not support the comment you originally made. You're fighting windmills brother.
see, i don't think i am "fighting windmills", as you can guess, and here's why. the implication of having to change passwords due to this photo is that the only thing between an outsider and the inside was a password. my original comment was that no one had yet questioned the viability of passwords. not a one! so far it has just been "oh, i would have gotten shitcanned for that, lucky him he's a royal" and "oops!" no one on the esteemed HN had spoken up that holy crap passwords.
while my job in infosec isn't related to AAA i know that better stuff exists and that it's in budget and applicable here. i offered some ideas, you offer up criticisms, but i'm still wondering how no one had spoken up about the crappiness of it being 2012 and we still rely on passwords.
Two factor auth is really the best way, and although it's kludgy, it provides the best protection. And it includes a password.