Passwords can be a key component of strongly securing confidential information.
- they are chosen from a very large domain of data,
- require no exposure to be chosen,
- can require enormous effort to discover,
- are familiar to users,
- are familiar to developers.
For example, there are literally billions of choices for an 8 character password chosen from the English alphabet including 0-9.
You can construct this password in you head quickly without needing a computer, calculator or even pencil and paper.
Individuals have utilized passwords for a long time and understand how to use them. You don't need to learn a new security system. Passwords are not uncomfortable or intrusive.
What is true for individuals is also true for hardware/software developers. No new development or system integration is needed to use passwords. They are also very inexpensive to implement.
So why aren't passwords as strong as this sounds? See the next section!