This kind of disagreement is what makes life enjoyable

In essence, I was not at all implying that password based authentication is flawed or insecure in itself. I was just telling that it is not human friendly. Because of this, in many cases, especially in the entreprise, passwords are either easily guessable, or written down for remembering them.

A password is only as strong as it is known to a single person, right? It gives me the proper protection when used in my own controlled environement. In the entreprise, you will find that a large number of help tickest are linked to passwords (lost, forgotten, etc).
My point was to “humanize” the authentication process rather than forcing human to memorize “machine” friendly password, which the majority of humans can’t do.

As I pointed out, an authentication based on graphics presented to be recoginsed by humans would provide a better level of protection than todays passwords in the HUMAN/MACHINE relation. It would be very difficult for a machine to analyse a complex mosaic of images and decide which one relates to the user. Passwords can still be used between machines, no problem.

Before trying to layer another factor of authentication, we would be better off understanding why pasword authentication only cater for 20% of the cases of safe authentication.

All the points you mention are relevant and I agree with many of them, certainly with the threats.
But my point is beyond the technology into the usability.

Jean-Louis

Two factor authentication still is not the silver bullet for identity theft. What if you sniffed your password and then stole your second factor? I’m still in.

Something like a BioToken, where you enter your pass-phrase on a trusted device dedicated to encryption, is the most secure method available.