
Google Declares War on the Password

  • January 18, 2013
  • 1 reply
  • 1015 views

Richard
  • Retired Webrooter
  • 116 replies
I would love to know what everyone thinks about this concept.  Do you think the password is dead?  Has your business looked into securing devices beyond a few characters?
 
This may be closer than you think. Google’s security team outlines this sort of ring-finger authentication in a new research paper, set to be published late this month in the engineering journal IEEE Security & Privacy Magazine. In it, Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay outline all sorts of ways they think people could wind up logging into websites in the future — and it’s about time.
 
2012 may have been the year that the password broke. It seemed like everyone on the internet received spam e-mail or desperate pleas for cash — the so-called “Mugged in London” scam — from the e-mail accounts of people who had been hacked. And Wired’s own Mat Honan showed everyone just how damaging a hack can be.
 
Source: http://www.wired.com/wiredenterprise/2013/01/google-password/

1 reply

  • New Voice
  • 9 replies
  • January 20, 2013
I would say 2012 is the year of the strong passwords. If something related died in 2012, it is linked accounts in my view. I see at least three reasons why passwords are not dead:
 
  • Most password replacements require some additional hardware. It will take quite a while before everybody has that hardware. And, is 'that' meaning Google's or Microsoft's or Apple's or some multi-platform vendor's? So we will be in need of passwords for quite a while still, I think.
  • Most stories about the weakness of passwords assume password hashes are crackable. That simply is not the case for strong passwords + strong hash methods. Look at Tom's Hardware WiFi for the case of WiFi. And look at Diceware for relatively short passphrases such as "ares trudge vis beggar month" that are 'only breakable by an organization with a large budget' (source: FAQ). Even with these short words and no symbols one has to try 10^19 dictionary combinations, which takes this 25 GPU monster about 5 years for a relatively weak hashing method. And even longer for just symbol based brute force and even if the attacker would know that just lowercase characters have been used.
  • Two factor authorization makes passwords even stronger. However, 2 factor authorization offers no protection at all if the password database with hash codes is compromised. Then again we have to rely on the strength of passwords and protection is as strong as your stored & hashed password is.
The references also give direction to when a password is strong. However, like with the hardware replacements, there is no free lunch. Strong passwords do require a secure password manager: No one can remember a different 19 random character & symbol password for every site that needs protection. But everybody can learn to remember one or two strong passphrases after a while: those needed to unlock the password vault/manager.

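The keyspace argument in the reply above, worked through as an added example that is not part of the original thread: it compares a dictionary attack on a five-word Diceware passphrase with lowercase character brute force, and shows what a slower hash does to the time estimate. Assumptions: the Diceware list has 7776 words, the guess rate is derived from the reply's own figures (10^19 candidates in about 5 years), and the `slowdown` factor and all function names are this example's own.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Figures from the reply: ~10^19 candidates take the 25-GPU rig ~5 years.
POST_KEYSPACE = 10**19
POST_YEARS = 5
# Guess rate implied by those two figures (derived here, not stated in the thread).
IMPLIED_RATE = POST_KEYSPACE / (POST_YEARS * SECONDS_PER_YEAR)

DICEWARE_LIST_SIZE = 6**5  # 7776 words: each word is chosen by five dice rolls


def dictionary_keyspace(word_count, list_size=DICEWARE_LIST_SIZE):
    """Candidates when the attacker knows the word list and the number of words."""
    return list_size ** word_count


def charset_keyspace(length, alphabet_size):
    """Candidates for character brute force at a known length."""
    return alphabet_size ** length


def years_to_exhaust(keyspace, guesses_per_second=IMPLIED_RATE, slowdown=1):
    """Years to try every candidate; slowdown models a hash that costs
    that many times more per guess (hypothetical factor, e.g. a tuned KDF)."""
    return keyspace * slowdown / guesses_per_second / SECONDS_PER_YEAR


def compare(passphrase, slowdown=1):
    """Return {attack model: (entropy bits, years)} for a lowercase,
    space-separated passphrase."""
    models = {
        "diceware dictionary": dictionary_keyspace(len(passphrase.split())),
        # Attacker knows only that lowercase letters and spaces were used.
        "lowercase+space brute force": charset_keyspace(len(passphrase), 27),
    }
    return {
        name: (round(math.log2(ks), 1), years_to_exhaust(ks, slowdown=slowdown))
        for name, ks in models.items()
    }


if __name__ == "__main__":
    sample = "ares trudge vis beggar month"  # passphrase quoted in the reply
    for factor in (1, 10_000):
        for model, (bits, years) in compare(sample, slowdown=factor).items():
            print(f"slowdown x{factor:>6} | {model:<28} {bits:6.1f} bits  {years:.3g} years")
```

The dictionary model is the conservative one to plan against, since it assumes the attacker knows the passphrase scheme; the slowdown row shows why the hash method on the server matters as much as the passphrase.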