Comment Re:Passwords are overrated (Score 1) 180
That's the context missing from this article summary: in any of the realistic security scenarios the article describes, use of multi-factor is mandatory. You can get really lazy about passwords when you've got a good secure MFA solution required as well.
If you read the standard, though, they made a whole bunch of assumptions that are also unrealistic in the real world that make following this advice WITHOUT using MFA suicidal. Ex. they say just force password changes if you think the password's been compromised. Ok, fine. And how long is it before you realize that a password's been popped? Maybe not until someone's used a zero-day to own your whole environment. Whoops.
Defense in depth is a thing.