Blockchain solutions offered without reliable user authentication don’t make much sense, do they?
When we say ‘This door is weak’, it could mean ‘The door panel is weak’ or ‘The lock/key system is weak’. Blockchain technology could indeed help make a strong door panel, but it alone could never be a substitute for a reliable lock/key system.
Well, for the most reliable lock/key system for cyberspace, i.e., digital identity authentication, there are three prerequisites.
First of all, identity assurance with NO confirmation of the user’s volition would lead to a world where criminals and tyrants dominate citizens. Democracy would be dead where our volition was not involved in our identity assurance. We must be against any attempts to do without what we remember, recognize and feed in volitionally at login.
Secondly, the mathematical strength of a security measure makes sense only so long as the means is practicable for us Homo sapiens. A big cake could be appreciated only if it’s edible.
Thirdly, being ‘unique’ is different from being ‘secret’. ‘Passwords’ must not be displaced by the likes of ‘User ID’. I mean, we should be very careful when using biometrics for the purpose of identity authentication, although we don’t see so big a problem when using biometrics for the purpose of personal identification.
Identification is to give an answer to the question “Who are they?”, whereas authentication is to give an answer to the question “Are they the persons they claim to be?” Authentication and identification belong to totally different domains.
We know that the password is an indispensable factor for multi-factor schemes and that the security of password managers and single-sign-on schemes needs to hinge on the reliability of the master password. Biometrics, which relies on a backup password, can by no means be an alternative to the password.
The password as a memorized secret is absolutely necessary. We must not accept any form of password-less login.
We might also need to look at the situation where we cannot rely on anything but memorized secrets: emergencies.
What is practicable in a calm indoor environment is not necessarily practicable in the turbulent outdoor environment, although the reverse can be said. The difference would be most striking in the cases of battlefield and disaster recovery.
Can we take it for granted that people in such panicky situations are holding the cards and tokens for their identity authentication?
Can we be certain that biometric measures, whether static or behavioral, are practicable for people who are injured or caught in panic?
It is the obligation of democratic societies to provide citizens with identity authentication measures that are practicable in emergencies.
Slide “Identity Assurance in Emergencies”.
Blockchain solutions for valuable information assets must come with the most reliable means of identity assurance.