There is a pretty important caveat in the comments at LBTP: "Basic machine learning breaks down under an adaptive attacker." I think ML could be a valuable extra layer for some systems, but I don't see it either solving the problems of the password or serving as a second "factor". This is partly for analytic reasons: how does ML fit into the established hierarchy of crypto primitives like e.g. hashing, authenticated encryption, etc.? Also, people are still arguing that TLS is too slow to use on many sites, but I expect ML to be slower yet.<p>Still it's nice to see original thought about authentication.