To me it is obvious that passwords are insecure. Just think how many people are saving them in a browser without a master password, share them in internal chats, use same password everywhere because it's difficult to remember several passwords etc.