The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

• Memorywise-Effortless: users don’t have to remember any secrets
  • (Quasi-Memorywise-Effortless): one secret for everything
• Scalable-for-Users: users can use it for many accounts without extra burden
• Nothing-to-Carry: users don’t need to carry an additional physical token
  • (Quasi-Nothing-to-Carry): if the object is something they would carry everywhere (mobile phone)
• Physically-Effortless: authentication process does not require physical effort
  • (Quasi-Physically-Effortless): limited to speaking
• Easy-to-Learn: users can learn it and use it without too much trouble
• Efficient-to-Use: the time to set up the verifier and make the authentication is reasonable
• Infrequent-Errors: genuine users will usually succeed in the authentication process
• Easy-Recovery-from-Loss: a user can authenticate if the token is lost or the secret forgotten