There Is No Secret: Condition-Based Access

Passwords get phished. Cookies get hijacked. API keys get leaked. What if authentication didn't require secrets at all?