Well randomized as in not your daughter’s name and her birthday as a password. But I get what you mean. Diceware passwords can provide “sufficiently random” passphrases that, if the end user chooses, does not have to have any numbers or special characters.
For the first part, yes at some point in the future, any password n-1 will be in the database. Getting users to get used to generating 20+ character strong passwords is a challenge today. Once we can solve that, through education, we can then move beyond passwords and single factor authentication.
For the first part, yes at some point in the future, any password n-1 will be in the database. Getting users to get used to generating 20+ character strong passwords is a challenge today. Once we can solve that, through education, we can then move beyond passwords and single factor authentication.