Context-dependent Descriptions of ‘Password-less’ Authentication
The word 'Password-less' seems to be multi-semantic depending on the context. Let us break it down.
1. Where the entire family of passwords is removed from digital identity altogether, we would have only two authenticators - physical token and biometrics.
Since biometrics requires another factor as a fallback measure against false rejection, this means that we would have only two types of solutions in the world - (a) authentication by physical token alone, security effect of which is illustrated below, and (b) authentication by biometrics used with a physical token in 'multi-entrance' deployment, which provides the level of security yet lower than the authentication by a physical token alone.
Very nice news to bad guys, isn't it?
2. Where PIN is viewed as not belonging to the family of passwords, advocates of ‘password-less’ authentication should be able to achieve a password-less authentication by relying on the PIN that is no more than a numbers-only password.
Some people allege that a PIN linked to a physical device is more reliable than a password not linked to a physical device. Those people would not reply to the question "What about a password linked to a physical device?"
A small child with a sharp sword might be able to repel an unarmed adult, but what if the adult is also armed with a similar sword?
3. Where a default/backup password is not viewed as the password, there could be a 'Password-less authentication achieved by biometrics that is dependent on a backup password'
In their world where a default/backup password is not the password, a second-entrance is not the entrance
Attempts to remove secret credentials and bring in biometrics don’t help but only make the matter even worse. We would like advocates of ‘password-less’ authentication to understand what they are advocating for whom.
< Related Articles >
< Reposting of “Entertaining Security Topics” >
Current foot brakes are far from sufficient in the slip distance. This means that the foot brake system is dangerous. We have now removed the dangerous foot brake system from the cars we sell. We instead offer the safer cars that are equipped with better steering handles, better acceleration pedals and better hand brakes.
Physical keys are often stolen, copied and abused. This means that the lock/key system is dangerous. We have now removed the dangerous lock/key system from the houses that we sell. We instead protect our houses by making the door panels thicker and heavier
Passwords are often stolen, leaked and abused. This means that the password system is dangerous. We have now removed the dangerous password system from digital identity. We instead protect the digital identity of our clients by offering the safer choice of ‘physical tokens and biometrics’ instead of the dangerous choice of ‘passwords’, ‘physical tokens’ and ‘biometrics’.
A house with two entrances provides better security than a house with one entrance. We suggest the owners of one-entrance houses to place an extra entrance for better security in the regions where we do not have to care about the definition of ‘better’ or for whom it is ‘better’.
Biometrics, when used as an authenticator in cyber space, needs to be deployed in ‘multi-entrance’ method with a password/PIN as a fallback measure against false rejection. We now offer the password/PIN-dependent biometrics that provides better security than the password-only authentication. Our proposition is viewed as valid where they do not ask the definition of ‘better’ or for whom it is 'better'.
A paper knife (specific/subordinate concept) belongs to the knife (general/superordinate concept). Therefore a paper knife must be able to perform what the knife is unable to perform.
A PIN, which is a weak form of numbers-only password, belongs to the password. Therefore, a PIN (specific/subordinate) must be able to offer the high level security that the password (general/superordinate) is unable to offer, possibly in a cyber version of Alice’s Wonderland.
#identity #authentication #password #security #safety #biometrics #ethic #privacy #civilrights #democracy