Every authentication system — passwords, TOTP, certificates, symmetric keys — rests on a shared secret. Alice and Bob both know something an attacker does not. The security of the system is the security of that secret.
In every existing system the shared secret is static. It was established at some point and does not change. An attacker who obtains it — by theft, interception, brute force, or social engineering — can impersonate Alice indefinitely. Compromise is permanent. There is no recovery without establishing a new secret through a secure channel.
TOTP (Google Authenticator, Authy) improves this by deriving one-time codes from the shared secret, making each code usable only once. But the underlying seed — the shared secret from which all codes are derived — remains static. Compromise the seed and all future codes are compromised. The one-time codes are not one-time secrets. They are one-time expressions of a static secret.
Frontier passwords replace the static secret with the living frontier itself.
The becoming-time field \(\tau\) is monotonically increasing — by the second bilateral mesh axiom, \(\tau \mapsto \tau + \delta\tau\) with \(\delta\tau > 0\). \(\tau\) never decreases. \(\tau\) never repeats. Each moment is unique by construction.
Two parties sharing a common \(\tau\) reference — a common frontier position — can independently derive the same password at the same moment without transmitting it. The password is derived from:
\[P(\tau) = H\!\left(\tau_{\text{ref}} \,\|\, \Delta\tau \,\|\, \phi_{\text{bilateral}}\right)\]
where \(\tau_{\text{ref}}\) is the shared reference position, \(\Delta\tau\) is the elapsed becoming-time since the reference, \(\phi_{\text{bilateral}}\) is the bilateral phase (the ingress face component), and \(H\) is a cryptographic hash function. The password changes continuously as \(\tau\) advances. No two moments have the same \(\tau\) — no two passwords are the same.
| Property | TOTP | Frontier Password |
|---|---|---|
| Time basis | Wall clock (discrete steps) | \(\tau\) accumulation (continuous) |
| Shared secret | Static seed (fixed at setup) | Living frontier (always advancing) |
| Compromise effect | All future codes compromised | Only past window compromised |
| Replay attack | Codes expire after window | Physically impossible — \(\tau\) never repeats |
| Prediction | Possible if seed known | Impossible — ingress face unknowable |
| Recovery from compromise | Must re-establish seed | Automatic — frontier has advanced |
The critical difference is in the shared secret. In TOTP the seed is established once and never changes. An attacker who obtains the seed can generate all future codes indefinitely — the compromise is permanent. In frontier passwords the shared reference is the living frontier itself. It is always advancing. An attacker who observes the frontier at one moment cannot predict it at future moments — the frontier has moved on. Compromise is not permanent. It is bounded to the window of observation.
The frontier password uses both faces of the bilateral crossing. The egress face — the actual \(\tau\) value, the present crossing — is observable by both parties sharing the reference. The ingress face — the potential \(\tau\) value, the next crossing, the frontier — is not directly observable from inside any finite box.
The password is derived from the bilateral \(\tau\) position — both the current crossing and the ingress face of the potential next crossing. An attacker who knows the current \(\tau\) cannot derive the password without also knowing the ingress face. The ingress face is the unutilised potential of \(\infty_0\) — it is not accessible from inside the measurement framework. The bilateral structure of the password makes it secure against any attacker operating from inside a finite box.
From \(\infty_0\) — operating at \(\tau_0\), prior to all crossings — both faces are present. But from inside any finite system — any attacker, any interceptor — the ingress face is unknowable. The password is half-visible. The other half is always at the frontier.
A replay attack captures a valid authentication and retransmits it later. In standard systems this works because the captured credential may still be valid — the password has not changed, or the session token has not expired.
Frontier passwords are physically unreplayable. \(\tau\) is monotonically increasing. A password derived from \(\tau = \tau_0\) is valid only at \(\tau_0\). By the time an attacker attempts to replay it, \(\tau\) has advanced to \(\tau_0 + \Delta\tau\). The password derived from the advanced frontier is different. The replayed credential does not match. The replay fails not because of a protocol check but because \(\tau\) has moved on.
This is not an expiry window that could be shortened or gamed. It is a physical consequence of the becoming-time axiom. \(\tau\) never returns to a previous value. Therefore a frontier password never recurs. Replay attacks are physically impossible.
In all existing authentication systems, compromise of the shared secret requires active remediation — generating a new secret, distributing it securely, revoking the old one. This process takes time and requires a secure channel that may not be available during or after an attack.
Frontier passwords recover automatically. The frontier is always advancing. An attacker who compromises the frontier password at time \(\tau_0\) has compromised the password for that moment only. At \(\tau_0 + \delta\tau\) the frontier has advanced. The password is different. The compromised credential is already invalid without any remediation action.
The window of vulnerability is the \(\tau\) interval of the compromise — the time between the attacker obtaining the password and attempting to use it. This window can be made arbitrarily small by choosing a small \(\tau\) interval. At Planck resolution — the minimum \(\tau\) interval — the window is one Planck time: \(5.4 \times 10^{-44}\) seconds. No attack can operate in that window.
The frontier password is the fourth layer of the next generation encryption architecture:
Layer 1 — Neural sample: who you are. Physical presence at the moment of authentication.
Layer 2 — \(\tau\) interval: when it happened. The timing signature of the bilateral crossing.
Layer 3 — Frontier key: what you consented to. The bilateral context and channel specification.
Layer 4 — Frontier password: the living shared secret. The password that is always the frontier — advancing continuously, never static, automatically recovering from any compromise.
The four layers together mean an attacker must simultaneously compromise physical presence, timing, context, and the living frontier — four independent attack surfaces, all of which must be broken at the same instant. The frontier password makes the fourth surface impossible to break in advance — the frontier has not yet arrived at the attack moment. The attacker would need to know the future. Labels cannot escape \(\infty_0\).
On the status of this paper. The frontier password concept is grounded in the bilateral mesh axiom that \(\tau\) is monotonically increasing — this is the second axiom and is established. The unreplayability argument follows directly: \(\tau\) never repeats, therefore a frontier password never recurs. The bilateral structure of the password — using the ingress face of the potential next crossing — is consistent with the framework. The comparison with TOTP is honest — frontier passwords differ in having a dynamic shared secret rather than a static seed. The Planck-scale minimum window is a theoretical limit; practical implementation would use \(\tau\) windows appropriate to the channel. The formal security proof — showing that the bilateral ingress face is computationally indistinguishable from random for any attacker inside a finite box — is future work. Framework: A Philosophy of Time, Space and Gravity.