Comment by crote
7 hours ago
Not true. There are lots of authentication schemes where the plaintext password is never communicated. This becomes rather crucial when the client doesn't know for sure yet what the identity of the other side is. See for example wifi encryption.
Cloning the knowledge in someone's brain is fairly easy. You just need a wrench.
Yes, but that is not how passwords work since the protocol for proving knowledge is that you enter it into the HTML form served by the party claiming to be the verifier.
If we are talking rubber-hose cryptography then a physical hardware token is just as insecure as a brain. Most people are not hacked via wrenches.