Bizarre Theory of Password-less Authentication
The theory is “A ground force can be easily defeated by air attack. Then, removing the ground force from our defense will make our defense securer”.
Replace ‘ground force’ with ‘password’, ‘air attack’ with ‘password theft’ and ‘defense’ with ‘cybersecurity’ and we realize that this is what happens when ‘insufficient’ is mixed up with ‘harmful’ in cyberspace
Well, why are we so persistent in busting the falsehood of password-less authentication?
Because the wide-spread falsehood of password-less authentication is so persistent as indicated in this report – “Is the future of cybersecurity passwordless?”
The true effects of removing secret credentials are discussed here – “On Devastating Effects of Removing Password”
A token-less authentication could also be achieved for ‘better security’ if ‘ground force/password’ is replaced with ‘physical token’. Intriguing, isn’t it?
Entertaining Security Parodies
Current foot brakes are far from sufficient in the slip distance. This means that the foot brake system is dangerous. We have now removed the dangerous foot brake system from the cars we sell. We instead offer the safer cars that are equipped with better steering handles, better acceleration pedals and better hand brakes.
Physical keys are often stolen, copied and abused. This means that the lock/key system is dangerous. We have now removed the dangerous lock/key system from the houses that we sell. We instead protect our houses by making the door panels thicker and heavier
Passwords are often stolen, leaked and abused. This means that the password system is dangerous. We have now removed the dangerous password system from digital identity. We now protect the digital identity of our clients by offering the safer combinations of ‘physical tokens and biometrics’ instead of the dangerous combinations of ‘passwords’, ‘physical tokens’ and ‘biometrics’.
A house with two entrances provides better security against burglars than a house with one entrance. We suggest the owners of one-entrance houses to place an extra entrance for better security in the regions where we do not have to care about the definition of ‘better’ or for whom it is ‘better’.
Biometrics, when used as an authenticator in cyber space, needs to be deployed in ‘multi-entrance’ method with a password/PIN as a fallback measure against false rejection. We now offer the password/PIN-dependent biometrics that provides better security than the password¬-alone authentication. Our proposition is viewed as valid where they do not ask the definition of ‘better’ or for whom it is ‘better’.
A paper knife (specific/subordinate concept) belongs to the knife (general/superordinate concept). Therefore, a paper knife must be able to perform what the knife is unable to perform.
A PIN, which is a weak form of numbers-only password, belongs to the password. A PIN (specific/subordinate) must be able to offer the high level security that the password (general/superordinate) is unable to offer, possibly in a cyber version of Alice’s Wonderland.