The Authentication Problem
Gerhard Eschelbeck

We keep trying to solve security problems by placing more and better locks on front doors that are seldom used.

Identification and authentication (I&A) is treated as the start of security because all authorized actions are supposed to be based on proven identities — the authentication process — and yet most hacks bypass I&A entirely.

It’s time to stop blaming passwords for problems that lie at the implementation level. So long as I can go through a wall or in through a window, more steel bars on the front door aren’t going to protect anything.