Why do we still use keys to start cars? why not passwords?
Poor password choices
The primary threat that a car lock protects against is theft of the car or of objects inside the car. Most theft is opportunistic, not targeted: go to a parking lot, try multiple cars until you find a poorly protected one. With passwords or PIN, you know that many people are going to pick password or 1234 or for the more paranoid their date of birth. Locking a car after failed attempts doesn't matter: the thief will just try the three most likely values on each car then move on.
Additionally, force-locking the car after failed attempts would be annoying if your kid starts mashing the buttons.
Shoulder surfing
Typing a password is vulnerable to shoulder surfing. It's hard to duplicate a physical key solely from pictures (it can be done, but only with precise enough pictures). It's impossible for an unaided human to duplicate a physical key.
It's easy for an unaided human to remember the PIN they've just seen somebody type. Pass by someone in a parking lot, note the PIN, see them the next day/week around the same time, profit.
Loaning
I can loan my car keys to someone. When they give me back the key, I can be reasonably confident that they no longer have access to my car. Sure, they might have duplicated the keys, but that requires time (if they only borrow the car for a short time, I know they haven't done it), and if I trust them enough to loan my car, I probably trust them not to copy the keys.
If there's a single password to open the car, then if I let someone use my car, they have access forever.
This can be solved by having multiple passwords to open the car, of course. But that adds another set of difficulties. One is that the key space might need to be larger: with a small key space such as a 4-digit PIN, the probability of an uninformed guess can become non-negligible with multiple valid codes. A bigger difficulty is that this requires Joe Random to do key management. Joe Random's VCR blinks 12:00 since the last power failure. (Maybe not anymore with DVR that have an Internet connection.) Joe Random understands physical tokens — if I have the object in my hand, I control it — but not password management.
Because it's easier to get an electronic system wrong, and when you get it wrong it costs you a lot of money and bad PR to fix it:
- Chrysler recalls 1.4 million cars due to electronic key hacks
- Land Rover recalls 65,000 cars due to electronic key hacks
- BMW sends OTA patch for 2.2 million cars affected by electronic key hacks
There are a lot of ways to get it wrong, too:
- Poorly designed wireless protocol leading to replay / sniffing attacks.
- Poorly designed / implemented crypto allowing brute-force of rolling codes.
- Poor RNG allowing prediction of security-critical values.
- Improper checks performed in the car's firmware allowing for state machine abuse.
- Buffer overflows and similar software bugs in the car's firmware.
On top of that, the keys become more expensive, the key provisioning systems become more expensive, and in the long term you end up with a lot of technical debt because you have to support people asking for replacement keys for models of vehicle that you haven't manufactured in 10 years.
Physical locks and keys are relatively simple, relatively reliable, relatively easy to get right in terms of physical design, and don't inherently suffer from remote attacks. Keys also force thieves to be in direct physical contact with the car, which is a bonus from a forensics and investigation point of view.
I have exactly the opposite problem. Why do we use these silly password based systems that have major flaws when physical keys have secured everything relatively successfully for centuries?
The password based system is horribly flawed. Few people understand how easy it is to guess passwords. Forgetting passwords is incredibly common, far more common than losing all the copies of your keys. I've forgotten dozens of passwords over the years, but not once have I lost every copy of a key.