What is a good strategy for choosing account secret and password?

All authentication systems I know require only one password (or passphrase, secret …, name it like you want), that is, a string with strong unpredictability.

Stating that an account needs two of them is an extraordinary claim and, as we say, an extraordinary claim requires extraordinary evidence, but @maidsafe didn’t provide any.

There is this topic that tries to demonstrate this by stating that 2 passwords are more secure than one. But:

  • No proof is provided
  • Most people are against this principle (see my recap of quotes here)
  • This prevents friendly names that could be used by people to create several accounts like “Music”, “Sport”, “Finance”, “Business” … (possibly with the same password)

Lastly, @ustulation made a logical error when he argued that usernames have drawbacks: “if people can easily guess where your account packet is in the Network it narrows down the attack vector to just decrypting that packet”. This is true when the account packet location is derived only from the username, and @neo suggested deriving its location from both the password and the friendly name to solve this problem. @ustulation seemed to agree with this, but we still have a password and a secret after 3 years.

Several times I have proposed to go back to the standard usage of password + username (or friendly name, pet name, … call it what you want), see here or here.

This post is another attempt at it, and I wonder if one day @maidsafe will listen to reason on this subject.

3 Likes
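The two location-derivation schemes contrasted in the post, as an added illustration that is not MaidSAFE's code and not from the original thread: `location_from_name_only` models the scheme criticised by @ustulation, where knowing the friendly name is enough to find the account packet, and `location_from_name_and_password` models @neo's suggestion, where the friendly name acts as a per-account salt for a password-derived key. The function names, the PBKDF2 work factor and the salt prefix are assumptions chosen for the example.

```python
import hashlib
import hmac

# Assumed work factor for the example; a real deployment would tune this.
PBKDF2_ROUNDS = 200_000


def location_from_name_only(friendly_name: str) -> bytes:
    """Scheme criticised in the post: the packet location is a plain hash of the
    friendly name, so anyone who learns the name can compute the location and
    only has to decrypt the packet."""
    return hashlib.sha256(friendly_name.encode("utf-8")).digest()


def location_from_name_and_password(friendly_name: str, password: str) -> bytes:
    """Scheme suggested by @neo: the location is derived from both the friendly
    name and the password. The name is used as the salt, so the same password
    reused for several accounts ("Music", "Sport", ...) still yields unrelated
    locations, and the name alone reveals nothing about where the packet is."""
    # Domain-separation prefix is an assumption of this example.
    salt = b"account-location|" + friendly_name.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ROUNDS, dklen=32)


def name_alone_locates_packet(friendly_name: str, true_location: bytes) -> bool:
    """Models someone who knows only the friendly name: can they land on the
    packet by hashing the name? True for the name-only scheme, False for the
    name+password scheme."""
    guess = location_from_name_only(friendly_name)
    return hmac.compare_digest(guess, true_location)


def locations_for_accounts(names: list[str], password: str) -> dict[str, bytes]:
    """One password shared across several friendly-named accounts, as the post
    wants to allow; returns each account's distinct packet location."""
    return {n: location_from_name_and_password(n, password) for n in names}
```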