Everybody knows that most passwords will remain unchanged. Yet our collective response to Heartbleed has been to patch our servers and email users asking them to do something we know most of them won’t do.
Here’s what our response should have been:
ALTER TABLE users DROP COLUMN password;
Justin goes on to suggest one-time authentication codes delivered via email and SMS as the replacement. Regardless of what you think of the suggested solution, if Heartbleed gets us to re-evaluate passwords and adopt a better authentication protocol on the web, it might just end up being a net win for us all.