Passwords are a problem. While they remain the main way we secure applications, services, and systems, they’re increasingly vulnerable. Cloud compute makes it economical to brute-force valuable passwords, while poorly-thought-out password policies drive users to inherently risky behaviors. And while password managers make it easier to have separate complex passwords for everywhere we need them, other “security” policies block us from using those passwords.