For the last 50 years, the fundamental and largely unchanged model for identifying and authenticating users has been based on the combination of a username and password, sometimes augmented with “second factor” techniques.
While this approach has mostly served financial and other high-security industries well, it has increasingly been shown to suffer from five drawbacks:
1. Complex usernames and passwords are not user-friendly, which leads to inherent tension between what’s best for user experience (UX) and what’s best for security. For example, it’s well known that “passphrases” are more secure than “passwords.” But with the advent of mobile apps, user preferences have shifted to make these the most frequently used access mode, which makes passphrases increasingly impractical.