To me, it doesn't make sense. Yet. I just don't understand how you can identify someone without knowing at least one detail about them. 2FA (time based) works on a secret and the current time, changing every 30 seconds.
Encryption works on a key, whether that's a shared secret key or a public/private keypair.
Yes, the only problem with that is when they steal your 2fa privkey at the time of creation, or when your device time isn't exactly in sync, or when the user loses the privkey (because GA was in the stolen phone, etc)...
To me 2fa is not an excuse to replace a solid good randomized password made with a decent password manager (not online sites, free open source software) that also uses a very good password running in a secure OS unlikely to have random malware of the week sniffing.
Passwordless solutions have always been defeated at some point, they are way too dangerous. You can do a "one time", and then go asymmetric like with SSH you add public server keys to your client and never input login passwords again, but only if your OS is secured.
And very likely some of the passwordless proposals include fingerprinting you to the point of uniqueness. What happens when THAT info falls into the wrong hands? Same as with KYC/AML.
The idea of an innovative way to secure and get a hold of your stuff is astounding, let alone variable keys. But I don't think the general public is ready to accept it just yet. Most people are fond of using passwords and keys, which themselves provide enough security to fend off unwanted people; it's just that the system supporting the program is the one that fails, which lets in unwanted people from the chart.
--------------
The idea of working without a password or encryption without a key requires no getting used to, no fingerprints, no biometric identifiers.
So there is no need to get used to this technology.
You need to get used to complex passwords, new passwords for each new service.
Here everything is simplified for the user, but complicated for a cheater.
Moreover, the user gets 100% rid of phishing, stealing passwords and keys.
Only your device can be stolen.
But loss of the device is always visible, and loss of keys, passwords, personal information is not visible at all.
Access to you or your data happens regardless of your desire or your importance.
This is fully automatic data collection. It is a program that collects everything and everyone.
It's done by both the government and the crooks.
But the government doesn't want scammers to know more than the government. That's the reason why news like this happens:
On January 14th, the FBI seized the domain WeLeakInfo.com for providing users with paid access to data leaked to the network by hacking. The operation was conducted jointly with the National Crime Agency (NCA), the Netherlands National Police Corps, the German Federal Criminal Police Office (Bundeskriminalamt) and the Police Service of Northern Ireland.
"The Web site gave users access to a search engine to view confidential information illegally obtained from more than 10,000 data leaks, including more than 12 billion indexed records, including names, email addresses, logins, phone numbers and passwords," the U.S. Department of Justice reported.
The subscription price ranged from $2 to $75, giving users unlimited access to search engines and data for a limited period of time.
Here's the price of your logins and passwords and more today: from $2 to $75. And this is not the highest price, there is cheaper.
This is reality, open your eyes, 12 billion records, this is all humanity!
This is the true state of affairs when using key and password based technologies. This is not the end.
It's just beginning...
So most likely it's through fingerprint or face recognition or something. Well, it's possible to happen, but of course we need to consider the security features and possible system lockdown. We must consider some backup plans and procedures to retrieve data and security measures.
-----------------------
It is not recommended to use any system by fingerprint.
Numerous studies have shown that this is the easiest barrier for a burglar.
The laziest ones make a "master fingerprint". This is the equivalent of a "master key" to door locks.
Statistics have shown that the "master fingerprint" opens 65% of all devices on which there is a lock by fingerprint.
Similarly, but not always exactly so, any system whose security is based on other biometric identifiers is very easy to crack.
All this was invented by marketing, use it for your health...
As for backup, it's protection against breaking your device, not against a cheater who went out hunting. And it's not just scammers who hunt your data, but governments and corporations as well. It's automatic.
On the contrary, in terms of security, the more copies, the easier it is to steal.
It's all a cat-and-mouse game. You need radical, global, new solutions.
What we've built for us and offered to use is, in most cases, a cleverly disguised trap.
And yes, I know that I'm in the absolute minority, with these views.
As for our keyless encryption technology and at the same time, in fact, it performs the task of passwordless authentication, your usual passwords, keys, biometric identifiers - can successfully complement this encryption system, or even better - to fill with its content information part of the channel. There are no contradictions or prohibitions here.
Instead of filling the encrypted data packets with false information, the system will fill those data packets with information about your identifiers, any, in any combination.
But, unlike normal, password authentication, your identifiers will play a secondary role. The primary role will be the data packet itself, the order in which it is formed, encrypted and transmitted. If it is properly formed, identified by the host in the current Logical Time Tunnel, then the transmitting party is already 100% identified. This confidence is given by the encryption itself, without compromise, without analysis, without vulnerability because there is no key.
What to do about a mismatch of the secondary identification features (passwords, biometric identifiers), if one has occurred, is decided by the system's operating algorithm. There are many options: request a repeat, do not accept this data, send the data for verification (the user has mixed up his password), refuse authentication - we do not care.
The keyless encryption system has successfully encrypted and decrypted any information that was given to it. Without a key, without compromises, over a closed communication channel.
The fact of identification of its data packet, combined with the fact that it was correctly decrypted, provided 100% primary and basic identification of its interlocutor.
Thus, fears that the password or keys were stolen have no basis in this concept of encryption and information transfer.
Similarly, fears of weak interference immunity of the system have the opposite sign: the system is so interference-resistant that it leaves neither misinformation nor any modifications a chance.
Conclusion. The very fact of successful operation, a closed communication channel organized by 2 (or more) users, would not have been possible in principle if the function of infiltration of interference into this communication channel had been possible.
Such communication channel either works and works only absolutely reliably, no modification is able to break it, or does not work at all, the middle between these modes is not possible on the principal level of keyless coding technology.
These are logical, quantum, black and white system states.
There is no gap between them.
Let us explain again what we mean when we talk about repeating a previously transmitted data packet.
This is a keyless system, so note that this and all other repetitions are never transmitted to the channel by the same cipher code to which the previously modified data packet, the one that is now being repeated, was transmitted.
Moreover, this is also not possible because of the relationship between the cipher code and the data packet counters.
The reason why repeated data packets differ from the original data packets is their processing in the new Logical Time Tunnel. All Logical Time Tunnels have strong feedback to the hash code of all past system events, i.e. it is some kind of derivative.
There is also a bitwise addition of the new code's XOR with a new disposable binary ribbon (a full analog of the "disposable notepad" to obtain the Vernam cipher) of the same length as the data packet.
Therefore, regardless of whether a new data packet is formed or the old one is repeated, the keyless encryption system is forced to do its job, always doing the same thing, always the same as with a completely new data packet, so it is of high quality.
So, we have described that no packet of information, in any of the modes of operation, is encoded in the same way. For this purpose, a temporary virtual space has been created, which is always changing and always unpredictable in advance; the variants of building this space form an infinite set.
This gives an important factor for encryption - unpredictability, multivariance, dependence on the processed information in its unit of time, in its moment of time, the so-called Logical Tunnel of Time.
The proposed technology of verification and passwordless authentication is possible only with its original paired system, only with the one which processed the same information and at the same time, and as we remember, in which even all the pauses, their time and their exact duration coincided - the same for both systems. It is an absolutely reliable system of infinite information ratchet, clinging to both information and time indicators of its existence.
In contrast to the double ratchet - the "mechanism" for creating new keys, based on the old ones, our technology creates a whole environment for understanding everything that happens, not just key information, the independent definition of all the rules transforming and configuring the entire system.
Our technique is therefore similar to the ratchet idea, but differs in that it works continuously, literally for every bit of information, infinitely long. It is probably the only possible variant of symmetric functioning of two encryption systems and the possibility of implementing the most keyless encryption technology in principle.
It becomes clear why such a system is not afraid of interference, targeted attacks, or errors of randomly unknown origin. All these phenomena - direct the settings of both systems in different directions by definition, all that remains is to draw conclusions and take measures, to return the system to the moment when both systems had a symmetric setting, or in other words, the same Logical Tunnel of Time.
An interesting question, what modes is the geometric model of keyless encryption capable of supporting without violating the declared principles of encryption?
The normal encryption mode without the key function is possible.
But...
The key information encryption mode is possible.
I specifically use the word "key information" instead of "key".
Well, here's the thing.
Let's say that users decided to use the key for their next encryption session.
Okay, no problem.
Unlike key encryption systems where there are clear requirements for the key (for example, clear length of the key), in a keyless encryption system, such requirements are completely absent.
In the literal sense of these words.
Except one: both users should have the same key. That's all.
Let me give you an example of what can be a key:
1. One character, one digit.
This is completely enough for the system to go into a completely new, unpredictable state (because of the time of the event, remember, we have a full space-time continuum, a discrete structure), and the quality of encryption does not degrade or change in any way. Is it interesting?
Think about it, the location of the elements has changed, the initial coordinate point has changed, the temporal correspondence of the elementary part of the encrypted information (e.g. byte of information) is its own, new, and all the other rounds of encryption are also completely new. This is the new Logical Time Tunnel. It's a new encryption scheme.
What's the danger of such short key information, such a key? Guessing to the attackers.
Really, it's not enough for him to guess the key, he needs to:
1) Know when to log it in;
2) Don't miss the first and all subsequent communication sessions between the parties he attacks;
3) Moreover, do not skip any packet of information from each communication session;
4) Moreover, do not miss a single byte of any data packet.
Whoa!
How and why is that?
Because if one bit of one data packet is accidentally modified by the communication noise, and that modified bit (in the data packet) is received by the user, but not by the attacker (Eva), then the symmetry between the user's system and Eva's system is lost!
Why?
Because the user will request a repeat of the wrong data packet, but Eva will not.
So the natural noise in the channel - improves the security of the closed channel Alice-Bob and removes the third party from the channel (Eva) in case she could not find out about one modified bit in one single data packet.
Eva's challenge is enormous, even with Alice-Bob's shared key compromised.
Next, let's continue with the examples of "key information".
2. Any text, any length, in any language.
3. Photo, image, drawing.
4. Symbols, hieroglyphs, special characters in any quantity and any sequence.
5. Any digital code, any binary code.
6. Audio file.
7. Other, which is information.
For these reasons, the term "key" here is not very accurate, the term "key information" is more appropriate.
The key mode has at least two more encryption modes, and then this.
There is also an encryption mode and a mode for transmitting (or receiving) large amounts of information.
Data verification mode.
Mode of two-way primary verification at the beginning of the next communication session.
And others.
Functioning in any mode defines a special configuration of the system, a certain adjustment of its algorithms, with deep feedback between the accepted "conditionally true" information and the transferred (new and precisely true) information. Such logic, after some time, allows one to be completely assured that all transferred and accepted information not only is not modified, but also has been correctly deciphered by both participants of an information exchange.
Disinformation of the user that would not become known is not possible in this system of encryption.
This unique feature of keyless technology, can be used for instant control of absolute integrity of any volume of traffic in the network, in a point-to-point section.
So most likely it's through fingerprint or face recognition or something. Well, it's possible to happen, but of course we need to consider the security features and possible system lockdown. We must consider some backup plans and procedures to retrieve data and security measures.
--------------
The problem with biometric identifiers is that they become a common computer numerical code.
To some extent it's unique, plus it doesn't need to be remembered, but it's just a code that, like passwords, is stolen by a cheater and successfully used.
Another, and the main, problem with all biometric identifiers is that they are easy to forge:
- your fingerprint is easy to find and scan;
- your face is even easier to find;
- even your DNA is not a big problem, we leave our biological traces everywhere.
So, biometric IDs are not a solution to password authentication problems, but a marketing move by device sellers.
The real solution to all password and biometric authentication problems is passwordless authentication, which is based on variable digital identifiers.
Simple, reliable and elegant.
In the world where hackers and such exist, I don't think keyless and passwordless authentication is possible yet. I'm not even satisfied with how fingerprint and face detection work yet, especially if it involves a huge amount of money. I can't even think of a good security measure to counter those hackers, honestly. Even if there are a lot of security measures involved, they are still able to hack accounts in just a few clicks.
In a world where hackers exist, only authentication without a password is possible because they have nothing to steal.
Passwordless authentication is not free access to an open door. It is a technology that changes the lock on the door all the time, quickly, no matter what you want or do. At the same time, you change the key, it is the password.
In modern technology, you have the same lock and key to your door. Always the same, you have to keep the key (password) secret. Because anyone who has your key can go through your door, open your lock.
Hackers always, exclusively and unambiguously hunt and steal your keys (passwords), they do not hit your head at your door. Their target is the key to your door. In other words, they need your digital identifier (biometric identifiers are converted into your digital permanent identifiers) because it is permanent.
Our idea is that you would have a variable identifier instead of a constant identifier. It would be produced as a chain of linked blocks in a blockchain, in a scheme:
1. Your usual digital identifier (password).
2. If you use it only once, it will be converted to a new numeric identifier, just as if you had changed your first password to a new one. But it's not you doing it, it's the program. It does it unpredictably randomly to an outside observer.
3. As soon as you use a second numeric identifier only once, it automatically changes to the new one.
4. And so on.
In this authentication scheme, the hacker has nothing to steal, no password, but he does.
Moreover, there is no place for phishing in such scheme (if you expand it in more detail), because verification takes place in two directions at once: the client identifies the server, and the server identifies the client.
And phishing is the most common attack vector for stealing your password and other things.
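An added example, not part of the original post and not the poster's system: a minimal sketch of the one-use identifier chain from the numbered scheme above, including the two-way verification and the loss of synchronisation for a party that misses a packet, as described earlier in the thread. It assumes both sides enrolled the same starting seed out of band; the class and function names and the use of HMAC-SHA256 as the update function are illustrative choices.

```python
import hashlib
import hmac


class RollingIdentity:
    """One side of a one-use identifier chain (hypothetical name)."""

    def __init__(self, seed: bytes):
        # Assumption: the same seed was enrolled on both sides out of band.
        self.state = hashlib.sha256(b"init" + seed).digest()

    def _tag(self, label: bytes) -> bytes:
        return hmac.new(self.state, label, hashlib.sha256).digest()

    def client_id(self) -> bytes:
        return self._tag(b"client-id")      # identifier valid for one round

    def server_proof(self) -> bytes:
        return self._tag(b"server-proof")   # lets the client verify the server

    def advance(self, transcript: bytes) -> None:
        # Next state depends on the old state and on everything exchanged.
        self.state = hmac.new(self.state, b"next" + transcript,
                              hashlib.sha256).digest()


def login(client: RollingIdentity, server: RollingIdentity, payload: bytes):
    """One round of two-way verification; returns the transcript or None."""
    cid = client.client_id()
    if not hmac.compare_digest(cid, server.client_id()):
        return None                          # server rejects, nobody advances
    proof = server.server_proof()
    if not hmac.compare_digest(proof, client.server_proof()):
        return None                          # client rejects an unknown server
    transcript = cid + proof + payload
    client.advance(transcript)
    server.advance(transcript)
    return transcript


def demo() -> dict:
    seed = b"constructed-enrolment-seed"     # constructed sample value
    client, server, observer = (RollingIdentity(seed) for _ in range(3))
    seen_ids = []
    for n, payload in enumerate([b"packet-1", b"packet-2", b"packet-3"]):
        seen_ids.append(client.client_id())
        transcript = login(client, server, payload)
        if n != 1:                           # observer misses the second round
            observer.advance(transcript)
    return {
        "all_ids_distinct": len(set(seen_ids)) == 3,
        "replay_accepted": any(hmac.compare_digest(i, server.client_id())
                               for i in seen_ids),
        "peers_in_sync": client.state == server.state,
        "observer_in_sync": observer.state == server.state,
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` reports that each identifier was used once, that a captured identifier is rejected afterwards, and that the observer who missed one round no longer matches the server. A legitimate peer that missed a round would diverge the same way.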
In the world where hackers and such exist, I don't think keyless and passwordless authentication is possible yet. I'm not even satisfied with how fingerprint and face detection work yet, especially if it involves a huge amount of money. I can't even think of a good security measure to counter those hackers, honestly. Even if there are a lot of security measures involved, they are still able to hack accounts in just a few clicks.
That's the confirmation of my words.
Today I have read the statistics on password attacks, it is alleged that almost 2 million users were attacked by password thieves in 2019.
And there is an increase in this type of crime.
Last year, the number of users in the world who were attacked by password theft programs increased by 72%.
Such programs are able to extract information directly from browsers, including account credentials, stored payment card data and content of forms for autofill.
These facts stubbornly lead us to conclude that password technologies are outdated.
We need a new foundation for 21st century security systems.
Password, this technology of the last century, as well as biometric identifiers, does not provide us with security.
The future only lies in passwordless technologies based on keyless encryption methods.