The Problem With Passwords: Why Cryptographic Signatures Are Better

A forensic analysis of why passwords remain the dominant authentication mechanism despite being the primary breach vector. How cryptographic signature-based authentication eliminates entire categories of attacks that passwords cannot address.

The password was invented in 1961 by Fernando Corbato at MIT for the Compatible Time-Sharing System. It was a temporary access control mechanism for a shared mainframe. Sixty-five years later, it remains the dominant authentication method for 80% of web applications. The 2025 Verizon Data Breach Investigations Report attributes 68% of breaches to the human element, with stolen credentials as the single largest attack vector for the fifteenth consecutive year. The password is not failing because implementations are poor. It is failing because the entire model is architecturally incapable of meeting modern security requirements.

Cryptographic signatures, the authentication primitive used by Sign-In With Ethereum and other wallet-based protocols, operate on fundamentally different mathematical principles. The server never possesses the secret. The secret never traverses the network. The authentication event is bound to a specific message, preventing replay. These are not incremental improvements. They are categorical eliminations of attack surfaces that passwords cannot address regardless of implementation quality.

The Structural Failures of Passwords

Passwords fail at every layer of the authentication stack. Understanding why requires examining each failure mode independently.

The Shared Secret Problem

Password authentication is a shared secret protocol. The user knows the password. The server knows a derivative of the password (typically a hash). Authentication succeeds when the user proves knowledge of the secret by transmitting it (or a derivative) to the server.

This model has a fundamental flaw: the secret must traverse the network during every authentication event. TLS encrypts the transport channel, but the plaintext password exists in server memory during verification. It exists in the application layer before hashing. It exists in log files when a developer accidentally logs request bodies. It exists in error reporting tools when an exception captures the request context. The attack surface is not the cryptographic channel. It is every piece of software that touches the plaintext between the user’s keyboard and the hash comparison function.

In a 2024 analysis by Specops Software, 83% of compromised passwords met standard complexity requirements (8+ characters, mixed case, number, symbol). The passwords were not weak. They were stolen through phishing, credential stuffing from other breaches, and server-side compromise. Complexity requirements do not address these vectors.

The Reuse Catastrophe

NordPass’s 2025 report indicates that the average person maintains 168 online accounts. Password manager adoption has reached approximately 34% of internet users globally. The remaining 66% manage credentials through memory, browser autofill, or physical notes. Password reuse rates among non-password-manager users exceed 65%.

A single breach at a low-security service (a forum, a small e-commerce site, a newsletter) compromises the credential that the user also uses for their email, banking, and cloud storage. This is not user negligence. It is the predictable outcome of a system that requires humans to generate and remember 168 unique high-entropy strings. The system design guarantees the failure mode.

Credential stuffing attacks, which replay stolen username/password pairs against other services, generated over 193 billion attempts globally in 2025 according to Akamai’s State of the Internet report. These attacks succeed at rates between 0.1% and 2%, which at 193 billion attempts translates to hundreds of millions of compromised accounts annually.

The Phishing Surface

Passwords are phishable by design. The user types the password into a form. If the form is on a fraudulent site that mimics the legitimate service, the password is captured. Anti-phishing measures (checking the URL, verifying the TLS certificate, recognizing visual inconsistencies) require the user to perform security analysis during every authentication event. Humans are not reliable security analyzers.

Google’s Threat Analysis Group reported that targeted phishing campaigns in 2025 achieved click-through rates of 12% to 35%, depending on the sophistication of the lure. Among those who clicked, credential submission rates exceeded 60%. Multi-factor authentication reduces the impact but does not eliminate it: real-time phishing proxies (tools like Evilginx2) capture both the password and the MFA token simultaneously, relaying them to the legitimate service before the token expires.

The fundamental issue is that password authentication cannot distinguish between a user authenticating on the legitimate service and a user authenticating on a convincing replica. The password itself carries no binding to the domain, the session, or the specific authentication request.

The Storage Liability

Every service that accepts password authentication must store password hashes. Each stored hash is a liability. Breaches of hash databases enable offline cracking attacks against every user simultaneously. Modern GPU clusters can test billions of bcrypt hashes per second. A hash database containing 10 million entries represents 10 million simultaneous cracking targets.

The Have I Been Pwned database contains over 14.2 billion compromised accounts as of early 2026. This number grows with every breach. Each compromised credential does not only affect the breached service. It affects every service where that credential was reused.

How Cryptographic Signatures Work

Cryptographic signature authentication replaces the shared secret model with an asymmetric proof model. The user holds a private key. The server holds nothing. Authentication proceeds through challenge-response, where the server issues a challenge, the user signs it with their private key, and the server verifies the signature using the corresponding public key.

The Mathematical Foundation

Elliptic curve digital signatures (ECDSA), the algorithm used by Ethereum wallets, operate on the secp256k1 curve. The private key is a 256-bit integer. The public key is derived from the private key through elliptic curve point multiplication, a one-way function: computing the public key from the private key is trivial, but computing the private key from the public key is computationally infeasible (estimated at 2^128 operations, beyond the capability of any foreseeable computing system).

When the user signs a message, the algorithm produces a signature (r, s, v) that is mathematically bound to both the message content and the private key. The server performs ecrecover on the signature to derive the public key, and from the public key derives the Ethereum address. If the derived address matches the claimed address, authentication succeeds.

The private key never leaves the user’s device. It does not traverse the network. It does not exist in server memory. It is not stored in a database. The server verifies a mathematical proof without ever possessing the secret that generated it.

Domain Binding and Replay Prevention

The SIWE specification (EIP-4361) binds the signature to a specific domain, nonce, chain ID, and timestamp. A signature generated for service-a.com cannot be replayed against service-b.com because the domain is embedded in the signed message. A signature captured by an attacker cannot be replayed because the nonce is single-use. A signature from last week cannot be used today because the timestamp has expired.

This is structurally impossible with passwords. A password captured on a phishing site is valid on the real site. A password intercepted in transit is valid for the next authentication attempt. The password carries no context about where, when, or for what purpose it was entered.

Zero Server-Side Storage

In the GhostPass implementation, the server does not even store the public key or the Ethereum address. It stores a SHA-256 hash of the address, which cannot be reversed to the original. If the server is fully compromised, the attacker obtains address hashes that cannot be linked to specific wallets and temporary session tokens that expire within one hour.

Compare this to a password breach: the attacker obtains password hashes that can be cracked offline, email addresses that enable targeted phishing, and security question answers that enable account takeover across other services. The asymmetry in breach impact is not marginal. It is categorical.

Attack Surface Comparison

A systematic comparison of attack vectors against password-based and signature-based authentication:

Phishing

Passwords: Vulnerable. The user enters the password on a fraudulent site. The attacker captures it and replays it on the real site. MFA reduces but does not eliminate the risk (real-time proxy attacks).
Signatures: Resistant. The wallet presents the domain name in the signing prompt. The user can verify they are signing for the correct domain. The signature is bound to the domain and cannot be replayed against a different service. A phishing site requesting a signature for stealthcloud.ai would need to present a signing request with that domain, and the signature would be useless on any other service.

Credential Stuffing

Passwords: Vulnerable. Credentials from one breach are tested against other services. Succeeds when users reuse passwords.
Signatures: Not applicable. There are no credentials to stuff. Each service receives a unique signature bound to a unique challenge. Possessing a signature from one service provides zero advantage against another.

Server-Side Breach

Passwords: Catastrophic. The attacker obtains the hash database and cracks passwords offline. Even with bcrypt, weak passwords fall within hours. Email addresses enable follow-on attacks.
Signatures: Minimal impact. The attacker obtains address hashes (if stored) and ephemeral session tokens. No offline attack is possible because there is no secret stored server-side.

Man-in-the-Middle

Passwords: Vulnerable without TLS. With TLS, the transport is protected, but the password exists in plaintext at the application layer.
Signatures: Resistant. Even without TLS, the attacker captures only a signed message. They cannot extract the private key from the signature. They cannot modify the message without invalidating the signature. They cannot reuse the signature because the nonce is consumed.

Passwords: Vulnerable. Users can be tricked into revealing passwords through phone calls, fake support requests, or impersonation. Password reset flows (email, SMS, security questions) create additional social engineering surfaces.
Signatures: Resistant. The private key is managed by wallet software, not human memory. There is no “tell me your private key” social engineering path that bypasses the wallet’s signing interface. There is no password reset flow to exploit.

Keylogging

Passwords: Vulnerable. A keylogger captures the password as the user types it.
Signatures: Partially resistant. The private key is stored in the wallet (or hardware device), not typed by the user. However, if the wallet is a software wallet and the device is compromised at the OS level, the private key could be extracted from memory. Hardware wallets eliminate this vector entirely by performing signing operations in a secure enclave.

The Transition Path

Passwords will not disappear overnight. The installed base is too large, the user habits too ingrained, the existing infrastructure too dependent. But the transition is underway on multiple fronts.

Passkeys (WebAuthn)

Passkeys are the consumer bridge from passwords to cryptographic authentication. They use the same asymmetric cryptography principles (public/private key pairs) but store the private key in the device’s secure enclave and authenticate via biometric (fingerprint, face). Apple, Google, and Microsoft have all integrated passkey support into their platforms.

Passkeys solve the usability problem that has historically limited cryptographic authentication adoption. The user taps a fingerprint sensor. The device generates and verifies the signature. No password. No key management. No seed phrase.

The privacy trade-off depends on the synchronization model. Apple’s iCloud Keychain synchronizes passkeys across devices, which means Apple has access to the encrypted key material. Google’s Password Manager does the same. Users who require privacy from platform vendors must use device-bound passkeys, which do not synchronize and therefore do not survive device loss without a backup.

Wallet-Based Authentication

Sign-In With Ethereum provides passkey-equivalent security properties with stronger privacy characteristics. The wallet is not tied to a platform vendor. The address can be unique per service. No third party observes the authentication event.

The usability gap between wallets and passkeys is narrowing. Embedded wallet providers create wallets during onboarding without requiring the user to install a browser extension or manage a seed phrase. ERC-4337 smart accounts enable social recovery, eliminating the catastrophic key loss scenario. Session keys reduce signing frequency.

Enterprise Adoption

The enterprise sector’s motivation is financial. IBM’s 2025 Cost of a Data Breach Report places the average breach cost at $4.88 million, with credential-based breaches among the most expensive due to their long dwell time (average 292 days from breach to containment). Eliminating the credential database eliminates the breach vector.

Financial services firms have begun adopting cryptographic authentication for high-value operations. The driver is not ideology. It is the actuarial calculation that password-based systems generate more liability than they save in implementation cost.

Why Passwords Persist

If cryptographic signatures are categorically superior, why do passwords remain dominant? Four factors:

Ecosystem lock-in. Every web framework, every hosting platform, every SaaS tool, every enterprise directory supports password authentication. The infrastructure exists. The training materials exist. The support procedures exist. Replacing this ecosystem requires more than a better technology. It requires a better ecosystem.

User mental model. Users understand the concept of a secret word. They do not understand the concept of elliptic curve cryptography. This matters less than it appears, because users also do not understand how TLS, HTTPS, or OAuth work, yet they use all three daily. The gap is not comprehension. It is exposure.

Recovery expectations. Users expect to recover access when they lose their credentials. “Forgot password” is a feature, not a bug, in the user’s mental model. Cryptographic systems traditionally had no recovery mechanism: lose the key, lose access. Social recovery wallets and account abstraction are addressing this, but the perception persists.

Regulatory inertia. Many compliance frameworks (PCI-DSS, HIPAA, SOX) specify password-related controls (rotation, complexity, storage requirements). These frameworks have not yet caught up with the existence of password-free authentication. Compliance officers default to what the framework explicitly addresses.

The Mathematics of Inevitability

The argument for cryptographic signatures over passwords is not philosophical. It is statistical. Passwords generate breaches. Breaches generate costs. Costs incentivize alternatives. Cryptographic signatures eliminate the attack vectors that generate the majority of breaches. The market will follow the cost curve.

The FIDO Alliance reports that passkey-enabled accounts experience 99.9% fewer account takeover incidents than password-only accounts. SIWE-based authentication has a theoretical phishing resistance that is not 99.9% but 100%, because the signature is domain-bound and a phishing site cannot produce a valid challenge for a different domain.

The transition timeline is measured in years, not months. But the direction is not in question. The password was adequate for a shared mainframe in 1961. It is not adequate for a global network carrying trillions of dollars in value and billions of people’s identities. The replacement is not theoretical. It is deployed, functioning, and measurably superior.

The Stealth Cloud Perspective

Stealth Cloud does not accept passwords. There is no password field in GhostPass. There is no password hash in our infrastructure. There is no “forgot password” flow, no password rotation policy, no complexity requirements. This is not a feature gap. It is the elimination of an entire category of vulnerability. Cryptographic signatures do not improve on passwords. They make passwords unnecessary. That distinction is the difference between iterating on a broken architecture and replacing it with one that works.