We know the password system is broken. So what’s next?

The password system itself is broken. The system places too much demand on the memories and patience of people who aren't trained to think about computer security all day.

Even when companies offer advanced options -- such as two-factor authentication, which sends people a second, onetime-use code to add to their log-in information -- many don't use it because it makes an already annoying process even more complicated. The point is not lost on technology companies, who are chipping away at methods to make it easier for users to sign into accounts by using their fingerprints, voices or faces, so that they won't have to memorize a million different passwords. Most of these options are centered on the smartphone, since that's increasingly the most common device people use. But as promising as some of these solutions are, they also carry their own problems.