Hitoshi Kokumai

1年前 · 1 分の読書時間 · visibility ~100 ·

chat 著者への問い合わせ

thumb_up 関連性 message コメント

Default Password and Fallback Password

Default Password and Fallback Password

It appears that quite a few biometrics people confidently allege that they do not rely on a fallback password or any backup measure.

In most cases, judging from my experience of dealing with biometrics people for nearly 20 years, those people are simply indifferent to the fact that the default password, which was quietly embedded in their authentication systems from the beginning, functions as a fallback password when the user gets rejected by the biometrics.

Here, indifference and ignorance might be one of their most powerful weapons for their active sales operations.


1c21343c.png


Early models of smartphones were safer than newer models - How come?


Early iPhones only with PINCODE were safer than the newer iPhones with TouchID and FaceID added. The same observation applies to the newer models of all the smartphones, PCs and tablets that come with biometrics.

 The point is that even a perfectly hacking-proof biometrics could only provide the level of security lower than a PINCODE-only authentication when the biometrics is deployed in 'multi-entrance' method with a PINCODE as a default fallback measure against false rejection (false non-match).

 This is what a logical reasoning inevitably leads us to, as illustrated in the picture above and in this brief video.

 Biometrics might help security in physical space where there are competent managers who are ready to take care of falsely rejected people. But, in cyber space, the fallback measure against falsely rejection (an extra entrance) has to be provided by the falsely rejected people themselves.

The security effect of ‘multi-entrance’ deployment of 2 authenticators as against ‘multi-layer’ deployment is quantitatively examined in this article "Quantitative Examination of Multiple Authenticator Deployment"

 A huge amount of resources have been spent for a huge volume of biometrics products. We could say that the resources were well spent if all the users and consumers had knowingly adopted the biometrics solutions as a convenience-improving tool, not a security- enhancing solution. We doubt it is the case.

 Sharing our observation may well be enormously embarrassing and inconvenient for the people who had advocated, promoted, recommended and marketed the biometrics products as a security enhancing tool.

Opting to stay silent could be taken as opting to be complicit. We could be somewhat sympathetic in view of the collective pressure of the environment, but their children and grandchildren may be just unsympathetic. We would like to recommend them to come out and speak up sooner than later.


thumb_up 関連性 message コメント
コメント
Debesh Choudhury

Debesh Choudhury

1年前 #1

It is true Hitoshi Kokumai that the biometrics people often don't admit that text password system is the default fallback system.

その他の記事 Hitoshi Kokumai

ブログを見る