For all their numerous flaws, there is no replacement for passwords that is better for me (that I'm aware of), so I have no plans to migrate away from them.
I am unusual, though, in that I am meticulous about password security. More so than the average person is willing to be.
Thanks for the comment. What I hoped to achieve with the article was to restore some faith in passwords, because the main thing is that we've been giving and following bad advice for so long. They've had a lot of mud slung at them as a practice. Many long-standing operational flaws are addressed by the NIST revision. Clearly for some situations passwords are simply terrible, like for ssh services, because you practically invite the world to fill up your logs.

One could write a whole little book on passwords, auth and identity. I wish people understood some of the subtleties more. I'm troubled to meet CISOs who still struggle with the conceptual foundations. I do feel there's a lot of bunk and plainly misleading talk about it by people who have fancy security products to sell, but the main culprit I tried to unmask there is the disingenuous pushers of solutions that are really out to track and weaken privacy behind the mask of "security".
I loved your article, by the way. It clearly stated many things that I had trouble articulating well. I'll be stealing some of what you wrote for use in future conversations.