What may be the weak points of PassBy[ME]?
PassBy[ME] was designed to complement an already existing authentication scheme e. g. username-password. If you have none, PassBy[ME] alone might not be sufficient to fulfill all your authentication needs.
PassBy[ME] requires Internet to be able to receive alerts and confirm authentication transactions on the mobile device. Although it is assumed that a user of any online service has online access, this may be an inconvenience for mobile users without Internet. We also work on offline authentication scenarios, though it is recognized that these solutions carry extended risks for the users.
Not all users have smart devices. For these users service providers of online services may decide to allow for a weaker authentication for certain services or group of users. In order to fully exploit the security features of PassBy[ME], smart mobile devices and Internet are a prerequisite.