Zero-factor authentication

Dorin
Social

You invited me to your site. I need to make an account because you need to keep tabs on me, perhaps you wanted to know where I live and to remember me and all my orders. Fine, I get it. It works. I will no longer complain about that, I let other smarter people to do that.

Now you offered me the „secure way” of doing things. Two factor authentication is the way. It will make sure that I will not be ever hacked – because while the first factor, the username and password are leakable, the second authentication factor is not. Nevermind the fact that if it’s digital it’s hackable, and there’s no invulnerable spot in the entire Internet. I get it, you want me to install something on my phone (which is definitely invulnerable, right?) and type the thing I see on the screen there. Awesome, right?

Wrong.

For the first factor of authentication I always had the password manager – now there’s one in your browser, it begs you to save your password. For good reason: if I want to remember something it usually stays quite simple, like my favorite password, „Password!234”. But smart people tell me that this is a bad password, and I kind of know it is, but it satisfies all the requirements – it has special signs, digits, a capital and minuscules, over 8 characters. But now they want something that looks like „IyZr0QqNCMgU”, which is something that evil hackers cannot guess. I can’t remember that for every site I go to, so I need to use a password manager, and for f***’s sake, everyone wants me to create an account, to have an user and a password on their site. Not even my keyboard drivers((from the genius Razer people, who also require me every few weeks to retype my credentials to access their software installed on MY machine, because they cannot remember a set of credentials properly)) work without me being logged in((with the next offender being NVidia, who forces me to create an account on their site if I want to do anything with my 3D card)).

This is a solved problem – solved in different ways, for example Apple has a very creative random e-mail address generated for each account you create, but seriously, it’s just a thing to avoid. We create hurdles, we create ways to work around those hurdles, but still keeping them in place.

Authentication factor solved!

Authentication factor solved!

So the first factor of authentication is a solved problem. I never need to type in my password, my password manager does that. Surely, the second factor authentication will fix this issue. Because everytime I need to log in it will ask me for a second authentication token, right? RIGHT!

Oh, wait, what does this button do?

Oh, wait, what does this button do?

So in fact we come quite fast from two factor authentication to zero factor authentication. It’s good that we enabled that good two factor authentication, because two factor authentication good! Safe! Awesome!

I’m not sure why are we so dumb to go for this two factor authentication hype, when most of the times we don’t really need a user and a password. But I bet that a smart fellow at Google, Facebook, Amazon or Apple will come with the next super-feature that will do a third factor authentication, because the other two factors are so easy to bypass. And I bet it will be legendary.