A Review of Password-less User Authentication Schemes

TL;DR

This review analyzes various password-less authentication schemes proposed since 2004, highlighting the challenges in balancing security and user experience, and suggesting opportunities for innovative improvements.

Contribution

It provides a comprehensive evaluation framework for password-less schemes and identifies the gap between security and usability in current approaches.

Findings

Difficulty in balancing security and user experience.

Existing schemes often compromise either security or usability.

Opportunities for combining technologies to improve password-less authentication.

Abstract

Since the demise of the password was predicted in 2004, different attempts in industry and academia have been made to create an alternative for the use of passwords in authentication, without compromising on security and user experience. This review examines password-less authentication schemes that have been proposed since after the death knell was placed on passwords in 2004. We start with a brief discussion of the requirements of authentication systems and then identify various password-less authentication proposals to date. We then evaluate the truly password-less and practical schemes using a framework that examines authentication credentials based on their impact on user experience, overall security, and ease of deployment. The findings of this review observe a difficulty in balancing security with a user experience compared to that of passwords in new password-less schemes, providing the opportunity for new applied research to leverage existing knowledge and combine technologies and techniques in innovative ways that can address this imbalance.