1) Authentication methods have evolved from single-factor password authentication to two-factor authentication using passwords and physical tokens due to security issues, but now some recommend removing passwords and using only physical tokens for single-factor authentication. 2) A scenario is described where a man uses a physical key to unlock a mansion and gain access, backed by testimony from a shop owner that the man owned the wallet containing the key. 3) In the digital world, similar scenarios could occur where physical tokens are used to authenticate identity, potentially sacrificing security for ease of use if consumers are misled about the security risks.

1. Intriguing Evolution from One to Two
And Back to One
A single factor authentication by a password was a norm until some years
ago. In view of the rampant password phishing and data breach, two factor
authentications by the password and something possessed deployed in
‘multi-layer’ method have recently been recommended where security
matters.
Now some people recommend the removal of the password altogether from
the 2 factor schemes and go back to a single factor authentication, this time,
by only something possessed with the help of PKI or onetime code.
Shall we imagine what sort of situation we could witness where our identity
is authenticated by the verification of a physical token?
"A guy knocked the door of a mansion, claimed to be the owner of the
mansion and demanded the residents to leave. The mansion's lock was
unlocked by the key that the guy took out of his wallet. In other words, the
guy’s key was authenticated by the mansion’s lock.

2. The guy was accompanied by a shop owner who testified that they had sold
the said wallet to the guy. This certifies that the guy was the legitimate
owner of the wallet out of which the key was taken out in front of the
residents.
Confronted with the integrity of the key verified by the mansion’s lock and
the guy’s identity verified by the possession of the said key along with the
ownership of the wallet verified by the testimony of the bona fide shop owner,
the unhappy residents were unable to insist that the guy was not the owner
of the mansion and had to leave the mansion."
In a present digital environment, we might witness a more advanced
situation as described in this cartoon (published 14 years ago) -
http://www.mneme.co.jp/english/manga/parody/index1-2.html
It appears that corporations are obsessed with 'low friction customer
experience'. There would be nothing wrong with it if the consumers are
accurately informed that the security is more or less sacrificed in return for
the lower friction experience when it is actually achieved by sacrificing
security.
It would be a devastating mistake, however, if consumers are misled to
believe that the lower friction experience is achieved without damaging
security when the security is actually damaged. The consumers could well
get trapped in a serious false sense of security (illusion of safety), which is
even worse than lack of security.
Suppliers of security solutions should be more mindful of what they are
doing.