POV: you're a creative cybersecurity researcher

A username/email and password combination has long been the main and most widely used way to access services.

However, with the rise of quantum computing and AI-driven software, brute-forcing attacks are becoming more and more powerful. Passwords that were considered strong a couple of years ago are now insecure, and login credentials are starting to feel inefficient at protecting the average Joe, because humans are not meant to remember long streaks of information and thus are bad at making and remembering good passwords.

With biometrics being privacy invasive and largely abused by companies, and MFA being bypassed with social engineering and various attacks, a data breach is now just one click away…

  • You are a security researcher at a major Fortune 500 company tasked with coming up with a NEW, innovative and secure way for customers to log in.
    You are given an unlimited budget, unlimited time and any tools/hardware at your disposal.
  1. What would you come up with?

  2. How convenient would that be to implement for the average person?

  3. What would be the pros and cons of your approach?


Personally, I’d take the money and string my boss along for as long as I can. For consumer-facing login, as you mentioned, there is no good method. Even if you did fix current issues, like BioAuth, who’s to say that wouldn’t be broken by what you already mentioned? Where there is a will, there is a way. As a company, I’d just strongly limit what the consumer can and cannot do. For employees, there is a lot more you could do… but that’s a different subject.

A Yubikey will do.