Hitoshi Kokumai

1年前 · 2 分の読書時間 · visibility 0 ·

chat 著者への問い合わせ

thumb_up 関連性 message コメント

Context-dependent Descriptions of ‘Password-less’ Authentication

Context-dependent Descriptions of ‘Password-less’ AuthenticationWorry about a backdoor?

The word 'Password-less' seems to be multi-semantic depending on the context. Let us break it down.

1. Where the entire family of passwords is removed from digital identity altogether, we would have only two authenticators - physical token and biometrics.

Since biometrics requires another factor as a fallback measure against false rejection, this means that we would have only two types of solutions in the world - (a) authentication by physical token alone, security effect of which is illustrated below, and (b) authentication by biometrics used with a physical token in 'multi-entrance' deployment, which provides the level of security yet lower than the authentication by a physical token alone.

he lock authenticates the key.<br />
The key authenticates the lock.<br />
<br />
  <br />
<br />
Does the key authenticate<br />
the person who holds it?Very nice news to bad guys, isn't it?

2. Where PIN is viewed as not belonging to the family of passwords, advocates of ‘password-less’ authentication should be able to achieve a password-less authentication by relying on the PIN that is no more than a numbers-only password.

Some people allege that a PIN linked to a physical device is more reliable than a password not linked to a physical device. Those people would not reply to the question "What about a password linked to a physical device?"

A small child with a sharp sword might be able to repel an unarmed adult, but what if the adult is also armed with a similar sword?

3. Where a default/backup password is not viewed as the password, there could be a 'Password-less authentication achieved by biometrics that is dependent on a backup password'

In their world where a default/backup password is not the password, a second-entrance is not the entrance

Attempts to remove secret credentials and bring in biometrics don’t help but only make the matter even worse. We would like advocates of ‘password-less’ authentication to understand what they are advocating for whom.

Illusions<br />
<br />
LLL<br />
<br />
Zz,<br />
5555555<br />
<br />
 <br />
<br />
KN AV Distractions<br />
<br />
Hn

< Related Articles >

Digital Lemming’s Congested Competition for Bestseller Snakeoil

 Biometrics and Me

 Publication on EDPACS of Taylor & Francis


< Reposting of “Entertaining Security Topics” >

Current foot brakes are far from sufficient in the slip distance. This means that the foot brake system is dangerous. We have now removed the dangerous foot brake system from the cars we sell. We instead offer the safer cars that are equipped with better steering handles, better acceleration pedals and better hand brakes.

Physical keys are often stolen, copied and abused. This means that the lock/key system is dangerous. We have now removed the dangerous lock/key system from the houses that we sell. We instead protect our houses by making the door panels thicker and heavier

Passwords are often stolen, leaked and abused. This means that the password system is dangerous. We have now removed the dangerous password system from digital identity. We instead protect the digital identity of our clients by offering the safer choice of ‘physical tokens and biometrics’ instead of the dangerous choice of ‘passwords’, ‘physical tokens’ and ‘biometrics’.

Illusions<br />
<br />
LLL<br />
<br />
Zz,<br />
5555555<br />
<br />
 <br />
<br />
KN AV Distractions<br />
<br />
HnA house with two entrances provides better security than a house with one entrance. We suggest the owners of one-entrance houses to place an extra entrance for better security in the regions where we do not have to care about the definition of ‘better’ or for whom it is ‘better’.

Biometrics, when used as an authenticator in cyber space, needs to be deployed in ‘multi-entrance’ method with a password/PIN as a fallback measure against false rejection. We now offer the password/PIN-dependent biometrics that provides better security than the password­-only authentication. Our proposition is viewed as valid where they do not ask the definition of ‘better’ or for whom it is 'better'.

Illusions<br />
<br />
LLL<br />
<br />
Zz,<br />
5555555<br />
<br />
 <br />
<br />
KN AV Distractions<br />
<br />
Hn

A paper knife (specific/subordinate concept) belongs to the knife (general/superordinate concept). Therefore a paper knife must be able to perform what the knife is unable to perform.


A PIN, which is a weak form of numbers-only password, belongs to the password. Therefore, a PIN (specific/subordinate) must be able to offer the high level security that the password (general/superordinate) is unable to offer, possibly in a cyber version of Alice’s Wonderland.


#identity #authentication #password #security #safety #biometrics #ethic #privacy #civilrights #democracy


thumb_up 関連性 message コメント
コメント

その他の記事 Hitoshi Kokumai

ブログを見る