Introduction
Nirvana Fallacy: Comparing a realistic solution with an idealized one, and dismissing or even discounting the realistic solution as a result of comparing it to a "perfect world" or impossible standard. It ignores the fact that an improvement is often reason enough. [1]
The current best practice for securing your online identity is generally 2 factor authentication: the use of multiple different methods to prove you are who you say you are. Yet most people choose not to use it; the reality is that most people are unwilling to prioritise security over ease of use. With that in mind...
FIDO
One of the best second factors is the FIDO standard, where the user authenticates by inserting a hardware 'key' into their computer's USB port. At login the website sends a random challenge; the key signs it with its private key and the browser returns the signature to the website, which verifies it using the public key stored when the account was created. The private key never has to leave the device itself, greatly reducing the risk of it being stolen.
Hardware authentication keys have many benefits over passwords. They don't require the server (or even the client's computer) to know the secret key, so neither a breach of the website's database nor malware on the laptop can capture it. They also don't require the user to choose a password (something most users are very poor at) and there is no password for them to forget. Users are also unable to tell other people their password, providing some level of protection from social engineering. So if users are going to insist on using only a single factor for authentication, why not FIDO rather than passwords?
How it would work
- Type their email into the form and click the "Login" button.
- Plug their FIDO USB key into the machine and press the button
- That's it: they are now logged in!
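The three steps above, played out as a challenge-response exchange between the website and the key. This is an added example written for this page, not code from the original post or from any FIDO implementation; it is a simplified model of the U2F-style flow (per-site P-256 key pair on the authenticator, random single-use challenge from the server, signature verified with the stored public key) and leaves out key handles, signature counters and attestation. The origins and e-mail address are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator models the USB key: one P-256 key pair per website, generated
// inside the key and never exported.
type Authenticator struct {
	keys map[string]*ecdsa.PrivateKey // origin -> private key
}

func NewAuthenticator() *Authenticator { return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}} }

// Register runs at account creation; the website receives only the public key.
func (a *Authenticator) Register(origin string) *ecdsa.PublicKey {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	a.keys[origin] = priv
	return &priv.PublicKey
}

// The bytes actually signed cover the origin the browser reports and the server's
// challenge, so a signature is useless on any other site or for any other login.
func signedMessage(origin string, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(origin))
	h.Write([]byte{0}) // separator between origin and challenge
	h.Write(challenge)
	return h.Sum(nil)
}

// Sign is the "plug in the key and press the button" step. The browser, not the
// user, supplies the origin, so a look-alike phishing site gets no signature.
func (a *Authenticator) Sign(origin string, challenge []byte) ([]byte, error) {
	priv, ok := a.keys[origin]
	if !ok {
		return nil, errors.New("no key registered for " + origin)
	}
	return ecdsa.SignASN1(rand.Reader, priv, signedMessage(origin, challenge))
}

// Server models the website. It stores public keys only, so a breach of its
// database yields nothing an attacker can log in with.
type Server struct {
	origin   string
	accounts map[string]*ecdsa.PublicKey // email -> registered public key
	pending  map[string][]byte           // email -> outstanding challenge
}

func NewServer(origin string) *Server {
	return &Server{origin: origin, accounts: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

func (s *Server) Enroll(email string, pub *ecdsa.PublicKey) { s.accounts[email] = pub }

// BeginLogin: the user typed their e-mail and clicked "Login". A fresh random
// challenge is issued so that no earlier signature can be reused.
func (s *Server) BeginLogin(email string) ([]byte, error) {
	if _, ok := s.accounts[email]; !ok {
		return nil, errors.New("no such account")
	}
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return nil, err
	}
	s.pending[email] = challenge
	return challenge, nil
}

// FinishLogin verifies the signature with the stored public key.
func (s *Server) FinishLogin(email string, sig []byte) error {
	challenge, ok := s.pending[email]
	if !ok {
		return errors.New("no login in progress")
	}
	delete(s.pending, email) // every challenge is single-use, so a captured signature cannot be replayed
	if !ecdsa.VerifyASN1(s.accounts[email], signedMessage(s.origin, challenge), sig) {
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	key, site := NewAuthenticator(), NewServer("https://example.com")
	site.Enroll("alice@example.com", key.Register("https://example.com"))
	ch, _ := site.BeginLogin("alice@example.com")
	sig, _ := key.Sign("https://example.com", ch)
	fmt.Println("genuine login:", site.FinishLogin("alice@example.com", sig))
	fmt.Println("replayed signature:", site.FinishLogin("alice@example.com", sig))
	_, err := key.Sign("https://examp1e.com", ch) // browser on a look-alike site
	fmt.Println("look-alike site:", err)
}
```

Two properties of the flow are worth noticing in the code: the website's database holds nothing but public keys, so stealing it gives an attacker nothing to log in with, and because the challenge is random and consumed on first use, a signature captured in transit cannot be replayed. Real FIDO keys additionally keep a signature counter the server checks for monotonic increase, which this model omits.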
Why?
Benefits
- Risk model similar to an existing auth system everyone already understands: house keys. If the user has their key they can log in, and if they don't they can't.
- No passwords means no easy to guess passwords ("123456") and no reused passwords
- Users can't tell anyone their password so some protection from social engineering
- Quicker & easier for the user (no forgotten passwords), and they already carry their keys with them everywhere
- No need to trust the client computer or the website with the secret key
- Existing standard and hardware
Problems
- "Passwords are secure enough for me" - Most users probably. People don't like change.
- Requires hardware that is not free and that users will have to buy
- Recovering an account when a user loses their key. A system similar to "forgot password" could probably be used, but that recovery path then becomes the weakest link (an e-mailed reset is only as strong as the user's e-mail account); letting users register a second, backup key avoids needing it at all
Conclusion
This system will not be as secure as 2 factor authentication. But since most people are not willing to trade time and effort for security, it has significant benefits over password authentication. It can also be sold to users as being "quicker & easier", which are things normal people care about.
[1] https://www.logicallyfallacious.com/tools/lp/Bo/LogicalFallacies/134/Nirvana-Fallacy