Replacing ‘Password’ with ‘Password + Something Else’?
“The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes”∗ https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/QuestToReplacePasswords.pdf
According to this Microsoft paper, “It will augment passwords with hand gestures push notifications and 2 factor authentication.”
Well, should ‘hand gesture push notifications’ be deployed with ‘passwords’ in security-enhancing in-series/two-layer formation, it would fatally damage the scheme’s availability; what would happen when people who are able to feed their correct passwords get falsely rejected by inconsistent gestures?
On the other hand, should the two factors be deployed in in-parallel/two-entrance formation, the availability would not be damaged but the overall security would be even lower than a password-only authentication as examined in this 2-minute video “Biometrics in Cyber Space — “below-one” factor authentication” https://www.youtube.com/watch?v=wuhB5vxKYlg
By the way, it might be deemed possible to claim that we are ‘less’ dependent on passwords where passwords are augmented by something else, but ‘password-less’ coming from the people who utter ‘remove’, ‘eliminate’ and ‘kill’ with respect to passwords is no different to ‘password-free’ in the world where a double-speak is not respected.
Anyway, if the proposition “the password can be replaced by the password + something else” be valid, we should be able to allege that ‘mother’ can be replaced by ‘mother and father’” or, more likely, ‘mother or father’”.
For more of our discussion, refer to “Wrong Voices from Big Players” https://www.linkedin.com/posts/hitoshikokumai_us-tech-titans-look-to-ditch-passwords-activity-6928910359055527936-92Mz/