In an era where computing power has exploded a thousand-fold since the 1990s, a single, decades-old relic remains the gatekeeper to our digital lives: the password. The Hated One argues that this relic is not just outdated but actively dangerous, posing a threat to global GDP that rivals the economic disruptions of the 1920s. This is not a gentle nudge to use stronger characters; it is a forensic dismantling of the entire authentication model, asserting that the only way to stop getting hacked is to have nothing left to hack.
The Illusion of Control
The core of the argument rests on a brutal calculation: human behavior cannot keep pace with machine speed. The Hated One writes, "The technology has far surpassed the level of protection passwords can offer but we are still using them only with the non-binding recommendation of just try to make them more complicated." This framing is effective because it shifts the blame from the individual user to the system itself. We are asked to perform an impossible task—managing dozens of unique, complex credentials across dozens of devices—while adversaries wield trillions of guesses per second.
The author illustrates this asymmetry with the rise of sophisticated phishing. It is no longer about crude Nigerian prince scams but about pixel-perfect clones of legitimate sites, where the only giveaway might be a missing letter in a domain name. As The Hated One notes, "All it takes is for your brain to freeze for a second on an autopilot and not notice the difference between an rn and an m and your pond is gone." This observation is chillingly accurate; the cognitive load required to verify every URL is unsustainable for the average human.
"Half of your password security depends on making sure you do everything right... and the other half is completely outside of your control."
This split highlights the fundamental flaw: even if a user is perfect, the system is not. The Hated One points out that companies store passwords in centralized databases, making them prime targets. "Eighty percent of hacking related data breaches involve compromising passwords," the author states, citing the Facebook scandal where half a billion passwords were stored in plain text. The argument here is that hashing (a one-way function, not encryption) is insufficient because it does not solve the centralization problem. If the database is breached, the game is over.
Critics might argue that multi-factor authentication (MFA) via SMS or apps provides a sufficient bridge, but the author dismisses this as a bandage on a bullet wound. Recovery questions are labeled a "complete joke," and password resets are described as a "56 success rate" nightmare that drives users toward convenience over security.
The Case for Decentralization
So, what replaces the password? The Hated One proposes a radical shift from centralized secrets to decentralized keys. The solution is not biometrics, which can be spoofed or stolen, but public key cryptography. "The best way to avoid getting hacked is to have nothing to hack," the author writes, introducing the concept of passwordless authentication via the FIDO (Fast Identity Online) protocol.
The mechanics are elegantly simple yet mathematically robust. Instead of sending a secret to a server, the user's device holds a private key that never leaves the hardware. The server only holds the public key. "The online service verifies that you hold the authentication on your device and it is you who is requesting that the website is legitimate," explains The Hated One. This reverses the trust model. The server does not need to protect a database of secrets; it only needs to verify a cryptographic signature.
This approach inherently defeats phishing. Because the cryptographic key pair is unique to the specific domain, a clone site cannot trick the authenticator. "If an attacker creates a clone on a different domain... vital will reject their challenge," the author asserts. This is a critical distinction: the security is baked into the protocol, not the user's vigilance. The implementation relies on hardware tokens, such as USB keys, or native device security, ensuring that the "authenticator never leaves your device ever."
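The challenge-response flow and the per-domain key binding described above can be seen in a simplified model. This is an added example, not code from the video or from the FIDO specifications; the class names, the `example.test` and `exarnple.test` origins, and the JSON message layout are assumptions made for illustration.

```javascript
// Simplified model of a FIDO-style login (assumed message layout, not the real WebAuthn encoding).
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Authenticator: one key pair per origin; private keys never leave this object.
class Authenticator {
  #keys = new Map();
  register(origin) {
    const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#keys.set(origin, privateKey);
    return publicKey; // only the public half is sent to the server
  }
  // `origin` is reported by the browser, not typed or chosen by the user.
  getAssertion(origin, challenge) {
    const key = this.#keys.get(origin);
    if (!key) return null; // no credential for this domain, so nothing is signed
    const clientData = JSON.stringify({ origin, challenge });
    return { clientData, signature: sign('sha256', Buffer.from(clientData), key) };
  }
}

// Relying party: stores public keys and one-time challenges, never a shared secret.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Set(); }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge() {
    const c = randomBytes(32).toString('hex');
    this.pending.add(c); return c;
  }
  verifyLogin(user, response) {
    if (!response || !this.publicKeys.has(user)) return 'rejected: no assertion';
    const { origin, challenge } = JSON.parse(response.clientData);
    if (!this.pending.delete(challenge)) return 'rejected: unknown or replayed challenge';
    if (origin !== this.origin) return 'rejected: wrong origin';
    const ok = verify('sha256', Buffer.from(response.clientData), this.publicKeys.get(user), response.signature);
    return ok ? 'accepted' : 'rejected: bad signature';
  }
}

function demo() {
  const site = new RelyingParty('https://example.test');
  const device = new Authenticator();
  site.enroll('alice', device.register(site.origin));
  const resp = device.getAssertion(site.origin, site.newChallenge());
  const genuine = site.verifyLogin('alice', resp);
  const replay = site.verifyLogin('alice', resp); // same response presented twice
  // Look-alike domain ("rn" for "m"): the device holds no key for that origin.
  const lookalike = site.verifyLogin('alice', device.getAssertion('https://exarnple.test', site.newChallenge()));
  return { genuine, replay, lookalike };
}
```

The server-side origin check matters even with per-origin keys: it rejects any assertion whose signed data names a different domain than the one that issued the challenge.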
The Path Forward
The piece concludes by acknowledging that while the technology exists, adoption is lagging. The Hated One notes that "sites that do not support it are lagging behind," urging readers to check the 2FA directory for services that support hardware tokens. There is a strong emphasis on open-source hardware, recommending keys from Nitrokey and SoloKeys over closed systems like YubiKey, arguing that "you have to trust the firmware they sell you" with proprietary devices.
"Passwords are inherently insecure so what's the solution? It's simple: we kill the password."
This is the piece's most striking declaration. It cuts through the noise of "best practices" to demand a structural overhaul. The argument gains strength from the sheer inevitability of the trend; as remote work becomes the norm and computing power grows, the password becomes an increasingly fragile link in the chain.
Bottom Line
The Hated One makes a compelling, evidence-based case that the password is a failed technology that we are clinging to out of habit rather than necessity. The strongest part of the argument is the demonstration that human error is not a bug to be fixed but a feature of the current system that cannot be patched. The biggest vulnerability lies in the friction of adoption; convincing millions of users and thousands of enterprises to switch to hardware keys is a monumental logistical challenge. Readers should watch for the gradual rollout of FIDO2 standards in major browsers and operating systems, as this will likely be the tipping point that finally renders the password obsolete.