The principle of passwordless authentication

How do you know that there is no "man in the middle": someone in the phone company who grabs your password, receives your call, decrypts it, monitors it, and starts a new encrypted transmission to the other person, so that they think they have a secure connection, secured by NO password authentication?

This is the beauty of the FidoScrypt protocol: it uses a mathematical technique known as a Diffie-Hellman key agreement to generate a random password for the call, without ever transmitting the password to the other person. Each phone creates an incomplete mathematical equation and sends it to the other phone. By solving the equations together, the phones both find the same result: a secure pair of passwords, without ever having to transmit the passwords.

"Passwords" are used only ONE TIME and are never stored or saved in an external or internal database!

Additionally, the entire process (initial contact, usernames, etc.) is encrypted with PKI.

Both you and the person you are speaking to will see a notification that the connection / authentication is secure. If there were a man in the middle, his phone would also have to solve the equations, generating 4 passwords instead of 2, and you would not see the same passwords as the person you are speaking to. As a result, the authentication will not happen. If it is a voice call and you recognize each other's voices, you can be certain that the encryption is running end-to-end.

If it is a data connection, for example Internet banking, the connection will be refused and a notification will be sent to the requester.
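
The key agreement and password comparison described above, as an added Python example that is not FidoScrypt's own code. The group parameters (p = 2^255 - 19, g = 2) are toy values chosen for readability, and the SHA-256 derivation of the displayed password pair and all function names are assumptions.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption, not FidoScrypt's parameters).
# p = 2**255 - 19 is prime; real systems use standardized groups or curves.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared_secret(own_private, peer_public):
    """Complete the 'incomplete equation' received from the peer: (g^y)^x mod p."""
    return pow(peer_public, own_private, P)

def display_codes(secret):
    """Derive the one-time password pair shown on a phone (hypothetical derivation)."""
    digest = hashlib.sha256(secret.to_bytes(32, "big")).hexdigest()
    return digest[:8], digest[8:16]

def direct_call():
    """Both phones exchange public values directly and derive the same pair."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return (display_codes(shared_secret(a_priv, b_pub)),
            display_codes(shared_secret(b_priv, a_pub)))

def intercepted_call():
    """A relay swaps in its own public value on each leg.
    Each phone now agrees a key with the relay, not with the other phone,
    so two different pairs (4 passwords) exist instead of one pair."""
    a_priv, _a_pub = keypair()
    b_priv, _b_pub = keypair()
    _m_priv, m_pub = keypair()  # value each phone receives instead of the peer's
    return (display_codes(shared_secret(a_priv, m_pub)),
            display_codes(shared_secret(b_priv, m_pub)))

def authenticate(codes_a, codes_b):
    """Accept the connection only if both sides display the same pair."""
    return codes_a == codes_b

if __name__ == "__main__":
    print("direct call accepted:     ", authenticate(*direct_call()))
    print("intercepted call accepted:", authenticate(*intercepted_call()))
```

The comparison only protects the session if it happens over a channel the relay cannot alter, such as the two callers reading the passwords aloud.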

However, there is still one unknown factor: you cannot SEE the person on the other side. To guarantee that the party you want to connect to is genuine, biometrics provide additional security.

Passwordless authentication? YES, secure!