  • Maarit Linsbauer

The value of the 'Knowledge Factor'



Great article highlighting the value of the 'Knowledge Factor' (aka passwords and PINs).


https://www.wired.com/story/police-unlock-iphone-face-id-legal-rights/amp


You choose when to use your secret password or PIN to authenticate yourself - or not. And you can change it whenever you want to.


Try doing that with biometrics!


But everyone hates passwords, right? Sure, but the problem is the way they currently work. We've all got too many passwords, so we write them down, reuse them, or rely on third-party services like password managers - and then pray they're safe.


However, the real problem, if you think about it, is that you have to reveal your password, by entering it or speaking it over the phone, to prove you know it.


But if you've got a secret, don't tell anyone!


The right approach is called 'Zero-Knowledge Password Proof' or ZKPP.


Simply put, with ZKPP I can prove to you I know a secret (e.g. a password or PIN) and you will know that it's me (not just someone with my phone or other security device who may or may not be me), BUT I never need to reveal my secret to you so you can't reuse that secret to impersonate me.


And the best part is that since I never reveal my secret I can safely reuse it, if I want to, for multiple different accounts and services instead of having to (try to) remember dozens of different passwords!
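
As an added illustration (not code from the original post), the sketch below runs the kind of exchange described above as a Schnorr identification proof, a well-known zero-knowledge proof of knowledge chosen here as an assumption because the post names no specific protocol. The function names, the PBKDF2 settings and the toy-sized group parameters are illustrative choices.

```python
import hashlib
import secrets

Q = 2**127 - 1  # prime subgroup order (toy-sized parameters, assumption)

def is_probable_prime(n, rounds=24):  # Miller-Rabin
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

# Build a Schnorr group: prime p = k*q + 1 and a generator g of order q.
P = next(k * Q + 1 for k in range(2, 10**6, 2) if is_probable_prime(k * Q + 1))
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, 100)) if g != 1)

def secret_from_password(password, salt):
    # Stretch the password into an exponent x; x never leaves the client.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(dk, "big") % (Q - 1) + 1

def enroll(password, salt):
    # The server stores only the public value y = g^x mod p.
    return pow(G, secret_from_password(password, salt), P)

def respond(password, salt, r, c):
    # s = r + c*x mod q: the one-time nonce r masks x in the response.
    return (r + c * secret_from_password(password, salt)) % Q

def verify(y, t, c, s):
    return pow(G, s, P) == (t * pow(y, c, P)) % P  # g^s == t*y^c (mod p)

def login(y, password, salt):
    r = secrets.randbelow(Q - 1) + 1      # client: fresh nonce
    t = pow(G, r, P)                      # client -> server: commitment
    c = secrets.randbelow(Q)              # server -> client: challenge
    s = respond(password, salt, r, c)     # client -> server: response
    return verify(y, t, c, s)
```

Because y is derived from a low-entropy password, anyone who obtains the stored y can test guesses against it offline, so the stretching step and a per-user salt matter.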

