Say what? I already implemented password vaults — and my users love it — as they don’t need to remember as many passwords as before. The end.
I understand. But sorry to say, you merely swept the problem under the carpet.
Why? Improving convenience for users is part of the solution. Yet, if you leave username and passwords fields and forms intact, you are not getting rid of passwords, nor mitigating the risk of them getting compromised.
See this image, of two login screens into WordPress. Which one would you say is really solving the issues we face with static credentials?
If you are using password vaults, at least force your users to protect them with a passwordless solution (and not with a single password to all their accounts).
Want to explore a passwordless enterprise? Take a system, one system — say SSO, PAM, VPN or WordPress — and make it passwordless.
We give this WordPress plugin free, to help make the case.
“The future is already here — it’s just not very evenly distributed” — William Gibson