Some critics are getting hung up on the hard-to-understand details, or zeroing in on a few stretch claims about potential usefulness in certain situations. There is still novelty and innovation here. It is a different way to train, prompt, and evaluate authentication attempts.
Even if not perfectly resistant to all kinds of coercion, or ideally strong in an information-theoretic sense, its weaknesses in various dimensions are different than more traditional systems. It is thus suggestive of other potential directions in the design space, leveraging other aspects of human memory/behavior.
It bears some similarity to systems which add the timing of a person's typing as an added authenticating factor.
People are reacting to the authors overselling their work, as amplified by extremetech: they're claiming this as hardening against rubber-hose cryptanalysis, which is simply untrue. Their paper actually describes a system which actually has nothing to do with cryptography - it's authentication - and has failure modes which are identical to password authentication, except where it imposes significant new barriers to practical application.
If they'd published it as a minor curiosity suggesting an area for future research there'd be far less backlash.