You can set a password for First Direct to use when calling you. That's worked fine for me, but then I did set up the password like... 20 years ago maybe? Maybe a bit more, I was in this city so that's 20-25 years ago.
It doesn't need to be a very good password, because it's not as though it can be brute forced. It's like the Socialist Millionaire's Protocol situation, a human is in the loop, if you get the answer wrong twice the human is already very annoyed, so you cannot try 100 passwords let alone a billion.
The reason to inconvenience rather than force is users in a rush will pick the worst passwords, even as paid employees where their password is the thing between the outside world and highly confidential stuff.
This is all true, but my take would be that you can't do worse than users will do with a password prompt. By all means, leave an option for fussy users to provide their own.
Maybe a phone call to communicate a password would be better. Not as convenient of course, but security and convenience don't often go together. That assumes your voice provider isn't recording the call.
I hate when they won't let me use a password that's not "strong" enough. I picked my password, let me use it. I know the consequences of using an easy password.
You can have a very secure facility that only uses a "house key"-style entry flow for the user. The key will look really weird (see Medeco and Evva for examples) and the building will have some design compromises - few entry points, no openable windows, etc.
A password, in theory, could work the same way. Except that the normal password UX involves people remembering the password, which entails a huge security compromise.
The problem with Screen Time is that its trivial to get past. Eventually you enter the password enough times and it becomes muscle memory. Having someone else do it and then not tell you the password is the bare minimum.
reply