| Layer | Primary Attack | Mitigation |
| :--- | :--- | :--- |
| | Brute-force, sniffing, reuse | Rate limiting, HTTPS, password managers |
| PIN + Keypad | Shoulder surfing, thermal trace | Scramble pad, glove detection (IR) |
| RFID/Wiegand | Cloning, replay | Encrypted rolling codes (KeeLoq) |
| TOTP | Seed extraction, time drift attack | HSM for seed storage, NTP sync with GPS |
| ZKPP (SRP) | Logjam attack on DH groups | Use elliptic curve (P-384 or Curve25519) |
| Asymmetric (PKI) | Quantum factorization (Shor’s algorithm) | Migrate to NIST PQC standards (CRYSTALS-Dilithium) |

The most surprising failure mode is . A 2018 study demonstrated unlocking a smart lock with a TOTP password by filming the user’s finger taps from 50 meters with a high-zoom camera and AI-based motion tracking. The password was the activation key, but the human was the weakest link.

Part 7: The Quantum Future – Post-Password Doors

Quantum computing threatens all public-key cryptography (RSA, ECC) used in modern passwordless activation keys. The password door activation key of 2035 will likely be based on lattice-based cryptography (e.g., Kyber for key exchange, Dilithium for signatures).

But more radical is the concept of for physical doors. A fiber-optic cable runs from the door to a central server. Photons are sent in specific polarization states. Any eavesdropper who attempts to measure the photons changes their state, which is immediately detectable. The activation key is the quantum state itself. The password is the basis sequence.
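
The detection property described above can be checked with a classical simulation. This is an added example, not code from the original article. It assumes a BB84-style prepare-and-measure scheme with two polarization bases and an intercept-resend tap on the fiber; the function names and the 11% alarm threshold are assumptions of this example.

```python
import random

BASES = "+x"  # rectilinear and diagonal polarization bases


def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit.
    Measuring in the other basis returns a uniformly random bit."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def run_exchange(n_photons, eavesdrop, seed):
    """Simulate one exchange; return (sifted_key_length, error_rate).

    For simplicity the error rate is computed over every sifted bit;
    a real link would publicly compare only a random sample of them.
    """
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        bit, send_basis = rng.randint(0, 1), rng.choice(BASES)
        photon_bit, photon_basis = bit, send_basis
        if eavesdrop:
            # The tap must guess a basis, and the photon it re-emits
            # is now prepared in the tap's basis, not the sender's.
            tap_basis = rng.choice(BASES)
            photon_bit = measure(photon_bit, photon_basis, tap_basis, rng)
            photon_basis = tap_basis
        recv_basis = rng.choice(BASES)
        recv_bit = measure(photon_bit, photon_basis, recv_basis, rng)
        if recv_basis == send_basis:  # sifting: keep matching-basis positions
            sifted += 1
            errors += recv_bit != bit
    return sifted, (errors / sifted if sifted else 0.0)


def link_is_clean(error_rate, threshold=0.11):
    """Assumed policy: refuse to derive a key above this error rate."""
    return error_rate <= threshold


if __name__ == "__main__":
    for tapped in (False, True):
        kept, qber = run_exchange(20000, tapped, seed=1)
        print(f"tapped={tapped} sifted={kept} error_rate={qber:.3f} "
              f"clean={link_is_clean(qber)}")
```

On an untapped link the sifted bits agree exactly, while the tap pushes the error rate to roughly 25%, which is what the endpoints alarm on.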