Technical Field
This disclosure relates generally to information security and, in particular, to access control schemes that are facilitated using authenticator devices.
Background of the Related Art
In August 2014, media reported 1.2 billion passwords had been stolen across a range of web services. Passwords have long been known to be insecure at multiple levels, yet there are a lack of secure, easy-to-use alternatives. Physical authenticators (e.g., security tokens, hardware tokens, USB authenticators, key fobs, and the like) provide a common, stronger alternative to overcome password limitations. Such devices have various implementations but, in general, they operate by providing two-factor authentication and stronger security qualities than human memory-based solutions, such as passwords. All physical authenticators, however, suffer from manufacturing and distribution drawbacks. Indeed, the costs of physical authenticators are prohibitive for most web services. For example, a banking website or social network cannot easily distribute authenticators to all its users. In rare cases, high-value web services will distribute authenticators. But, even if price were not an issue, it would be impractical for all web services to distribute to their users unique physical authenticators, as the number of physical devices would become unmanageable.
It is also known to use physical objects and environments as passkeys, for example, providing a physical token to unlock a smart lock. These approaches include techniques that create cryptographic protocols based in part on physical objects. Other known techniques involve using physical data (e.g., fingerprints and biometrics) to create a non-cryptographic encoding.