>The other odd point is that we shouldn't be advocating stronger methods of choosing passwords because we should be using multifactor authentication. I don't dispute that we should be using multifactor authentication in more places, but even in that case weak passwords are a problem!
Only he never says that weak passwords are OK. Instead he says that we should not let people decide them, and instead use a uniformly random distribution of passwords (i.e. generated automatically).
Only he never says that weak passwords are OK. Instead he says that we should not let people decide them, and instead use a uniformly random distribution of passwords (i.e. generated automatically).