Hitoshi Kokumai

9 months ago · 2 min read · visibility ~10


Bizarre Theory of Password-less Authentication

The theory is “A ground force can be easily defeated by air attack. Then, removing the ground force from our defense will make our defense more secure”.

Replace ‘ground force’ with ‘password’, ‘air attack’ with ‘password theft’ and ‘defense’ with ‘cybersecurity’, and we realize that this is what happens when ‘insufficient’ is mixed up with ‘harmful’ in cyberspace.

Well, why are we so persistent in busting the falsehood of password-less authentication?

Because the widespread falsehood of password-less authentication is so persistent, as indicated in this report – “Is the future of cybersecurity passwordless?”


The true effects of removing secret credentials are discussed here – “On Devastating Effects of Removing Password”



A token-less authentication could also be achieved for ‘better security’ if ‘ground force/password’ is replaced with ‘physical token’. Intriguing, isn’t it?


Entertaining Security Parodies

Current foot brakes are far from sufficient in terms of stopping distance. This means that the foot brake system is dangerous. We have now removed the dangerous foot brake system from the cars we sell. We instead offer safer cars that are equipped with better steering wheels, better acceleration pedals and better hand brakes.

Physical keys are often stolen, copied and abused. This means that the lock/key system is dangerous. We have now removed the dangerous lock/key system from the houses that we sell. We instead protect our houses by making the door panels thicker and heavier.

Passwords are often stolen, leaked and abused. This means that the password system is dangerous. We have now removed the dangerous password system from digital identity. We now protect the digital identity of our clients by offering the safer combinations of ‘physical tokens and biometrics’ instead of the dangerous combinations of ‘passwords’, ‘physical tokens’ and ‘biometrics’.

A house with two entrances provides better security against burglars than a house with one entrance. We suggest that the owners of one-entrance houses add an extra entrance for better security, in the regions where we do not have to care about the definition of ‘better’ or for whom it is ‘better’.

Biometrics, when used as an authenticator in cyberspace, needs to be deployed in a ‘multi-entrance’ manner, with a password/PIN as a fallback measure against false rejection. We now offer password/PIN-dependent biometrics, which provides better security than password-alone authentication. Our proposition is viewed as valid where they do not ask the definition of ‘better’ or for whom it is ‘better’.

A paper knife (specific/subordinate concept) belongs to the knife (general/superordinate concept). Therefore, a paper knife must be able to perform what the knife is unable to perform.

A PIN, which is a weak form of numbers-only password, belongs to the password. A PIN (specific/subordinate) must be able to offer the high level security that the password (general/superordinate) is unable to offer, possibly in a cyber version of Alice’s Wonderland.
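The ‘multi-layer’ versus ‘multi-entrance’ distinction the parodies above rely on can be checked numerically. The following is an added example, not part of the original post: the per-attempt bypass probabilities (password guess, PIN guess, token theft, biometric false acceptance rate) are assumed illustrative values, and the attacker is assumed to be able to try the fallback whenever the primary factor rejects them.

```python
import math

# Assumed, illustrative per-attempt bypass probabilities (not measured values).
PASSWORD_GUESS = 1 / 1_000_000   # one guess at a modest alphanumeric password
PIN_GUESS = 1 / 10_000           # one guess at a 4-digit PIN
TOKEN_THEFT = 1 / 1_000          # chance the attacker already holds the token
BIOMETRIC_FAR = 1 / 10_000       # sensor false acceptance rate per attempt


def attacker_success(factors, mode):
    """Per-attempt probability that an attacker gets through a composition of factors.

    factors: per-factor bypass probabilities.
    mode == "layer":    every factor must be passed (multi-layer, AND).
    mode == "entrance": passing any one factor suffices (multi-entrance, OR).
    """
    if mode == "layer":
        return math.prod(factors)
    if mode == "entrance":
        return 1 - math.prod(1 - p for p in factors)
    raise ValueError(f"unknown mode: {mode}")


def guess_entropy_bits(alphabet_size, length):
    """Entropy of a secret drawn uniformly from alphabet_size ** length values."""
    return length * math.log2(alphabet_size)


def compare_designs():
    """Bypass probability of each design mentioned in the post, for comparison."""
    return {
        # password + token + biometrics, all three required
        "password+token+biometric (layer)": attacker_success(
            [PASSWORD_GUESS, TOKEN_THEFT, BIOMETRIC_FAR], "layer"),
        # the 'password-less' variant: the password layer removed
        "token+biometric (layer)": attacker_success(
            [TOKEN_THEFT, BIOMETRIC_FAR], "layer"),
        # biometrics with a PIN fallback: either entrance lets the attacker in
        "biometric OR PIN fallback (entrance)": attacker_success(
            [BIOMETRIC_FAR, PIN_GUESS], "entrance"),
        "PIN alone": PIN_GUESS,
    }


if __name__ == "__main__":
    for design, p in compare_designs().items():
        print(f"{design:40s} {p:.3e}")
    print("4-digit PIN :", round(guess_entropy_bits(10, 4), 1), "bits")
    print("8-char pass :", round(guess_entropy_bits(95, 8), 1), "bits")
```

Removing the password layer raises the bypass probability, and the biometric-with-PIN-fallback design is always at least as easy to bypass as the PIN alone, whatever the assumed rates are.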

Zacharias 🐝 Voulgaris

9 months ago #3

True. Also, the entropy of a PIN password is fairly low, compared to other, more complex passwords, especially those involving random characters. My encryption systems work primarily with 0 ectropy keys (i.e., keys having the maximum possible entropy). Also, they are what's referred to in the industry as post-quantum. I still believe that there is room for synergy between your technology and mine. Cheers

Hitoshi Kokumai

9 months ago #2

Do you know that some people at Microsoft allege "PIN is not Password. So replacing a password with a PIN enables them to claim that they can achieve a password-less authentication"? The rest of us know that the PIN is no more than a numbers-only password.

Zacharias 🐝 Voulgaris

9 months ago #1

Yep, password-less security seems more like a scam than a real, pragmatic solution. Hard to believe some people would fall for this; then again, considering that for many people security is equivalent to coming up with an easy-to-guess passphrase, which often lingers on a sticky note on a computer monitor, it's not all that far-fetched. Cheers!
