Playing with more user-friendly methods for multi-factor authentication
9 months ago
- #security
- #user-experience
- #authentication
- User frustration with multi-factor authentication (MFA) is common, prompting the need for more user-friendly methods.
- Poker hands as a secondary authentication factor: users pick five cards from a deck, which is easy to remember and secure.
- Digital Rubik's cube scrambling as an MFA method, offering high entropy with numerous possible configurations.
- Chess matches as an authentication factor, leveraging the vast number of possible game outcomes for security.
- Typing speed (WPM) as a biometric factor, using unique typing tendencies for authentication.
- Simplified fingerprint authentication without hardware by asking users to match a presented fingerprint.
- Airgapped TOTPs: using printed passcodes delivered via the postal service to avoid SMS vulnerabilities.
- Self-portraits inferred by AI as a non-invasive photo-based authentication method.
- Karaoke-based authentication, exploiting the difficulty AI has in mimicking poor singing.
- Web3-inspired authentication: sending codes to randomly selected relatives instead of email.
- Tooth-based biometrics using smartphone scans of teeth, no specialized hardware needed.
- LLM-based authentication: convincing an AI to grant access via chat interface.
- Chess skill level (Elo) as an authentication factor, with the user playing against a chess engine.
- Cinemauth: using film preferences via Letterboxd OAuth for identity verification.
- Enterprise version of Cinemauth: ordering coworkers instead of movies, integrated with HRIS.
- Naming coworkers' children as an authentication method, requiring attentiveness to workplace anecdotes.
- Emphasis on not reinventing authentication methods unnecessarily, recommending existing solutions like Tesseral.