Some security people are advocating that the password (memorized secret) should be killed altogether, in many cases simply because it is unpopular.
I wonder if they are aware of what they mean by what they say; The society where login without users’ volition is allowed would be a society where democracy is dead. It’s a tyrants’ utopia.
Under an authoritarian regime where despots dictate, “non-volitional”
identification tools disguised as authentication tools would be welcomed that can be deployed for unconscious, insubordinate or even dead people.
Democracy must require the individuals to have the rights not to get their identity authenticated without their knowingly confirming it. This volitional process can be achieved only by “volitional” identity authentication involving memorized secrets, say, passwords and expanded passwords (related article).
We know that biometrics, which relies on a fallback password, can by no means be an alternative to the password, that the password is an indispensable factor for multi-factor schemes and that the security of password managers and single-sign-on schemes needs to hinge on the most reliable password.
The password (memorized secret) is absolutely necessary. Don’t let it be killed.
