The problem behind secrets If two people know something it's not a secret anymore. Traditional auth systems are based on secrets, like passwords or api keys. Low entropy Leaks Replay Vulnerable Secrets are not provable.