Hitoshi Kokumai

4 years ago · 1 min read


Default Password and Fallback Password


It appears that quite a few biometrics people confidently allege that they do not rely on a fallback password or any backup measure.

In most cases, judging from my experience of dealing with biometrics people for nearly 20 years, those people are simply indifferent to the fact that the default password, which was quietly embedded in their authentication systems from the beginning, functions as a fallback password when the user gets rejected by the biometrics.

Here, indifference and ignorance might be among their most powerful weapons for their active sales operations.


[Image: 1c21343c.png]


Early models of smartphones were safer than newer models - How come?


Early iPhones with only a PINCODE were safer than the newer iPhones with TouchID and FaceID added. The same observation applies to the newer models of all the smartphones, PCs and tablets that come with biometrics.

The point is that even perfectly hacking-proof biometrics could only provide a level of security lower than PINCODE-only authentication when the biometrics is deployed in the 'multi-entrance' method with a PINCODE as a default fallback measure against false rejection (false non-match).

This is what logical reasoning inevitably leads us to, as illustrated in the picture above and in this brief video.

Biometrics might help security in physical space where there are competent managers who are ready to take care of falsely rejected people. But, in cyber space, the fallback measure against false rejection (an extra entrance) has to be provided by the falsely rejected people themselves.

The security effect of 'multi-entrance' deployment of 2 authenticators as against 'multi-layer' deployment is quantitatively examined in the article "Quantitative Examination of Multiple Authenticator Deployment".
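The comparison between 'multi-entrance' and 'multi-layer' deployment can be worked through numerically. The Python sketch below is an added example, not taken from the cited article; the `Factor`, `AnyOf` and `AllOf` names and every rate in it are constructed for illustration, and the two authenticators are assumed to fail independently.

```python
import math
from dataclasses import dataclass
from typing import Tuple, Union


@dataclass(frozen=True)
class Factor:
    name: str
    false_accept: float  # chance an impostor gets through this factor
    false_reject: float  # chance the legitimate user is turned away


@dataclass(frozen=True)
class AnyOf:  # 'multi-entrance': passing any one child is enough
    children: Tuple["Policy", ...]


@dataclass(frozen=True)
class AllOf:  # 'multi-layer': every child must be passed
    children: Tuple["Policy", ...]


Policy = Union[Factor, AnyOf, AllOf]


def rates(policy: Policy) -> Tuple[float, float]:
    """Return (impostor_accept, owner_reject), assuming independent factors."""
    if isinstance(policy, Factor):
        return policy.false_accept, policy.false_reject
    accept, reject = zip(*(rates(child) for child in policy.children))
    if isinstance(policy, AnyOf):
        # Impostor needs one open door; owner is locked out only if all fail.
        return 1 - math.prod(1 - a for a in accept), math.prod(reject)
    # Impostor must beat every layer; owner is rejected if any layer fails.
    return math.prod(accept), 1 - math.prod(1 - r for r in reject)


# Constructed sample rates, not measurements of any real product.
PIN = Factor("pincode", false_accept=1e-4, false_reject=0.01)
BIO = Factor("biometrics", false_accept=1e-5, false_reject=0.03)
POLICIES = {
    "PINCODE only": PIN,
    "multi-entrance (biometrics OR PINCODE)": AnyOf((BIO, PIN)),
    "multi-layer (biometrics AND PINCODE)": AllOf((BIO, PIN)),
}

if __name__ == "__main__":
    for label, policy in POLICIES.items():
        accept, reject = rates(policy)
        print(f"{label:40s} impostor={accept:.3e} owner_reject={reject:.3e}")
```

With these constructed rates the multi-entrance policy admits an impostor more often than the PINCODE alone while rejecting the owner far less often, and the multi-layer policy does the reverse.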

A huge amount of resources has been spent on a huge volume of biometrics products. We could say that the resources were well spent if all the users and consumers had knowingly adopted the biometrics solutions as a convenience-improving tool, not a security-enhancing solution. We doubt it is the case.

Sharing our observation may well be enormously embarrassing and inconvenient for the people who had advocated, promoted, recommended and marketed the biometrics products as a security-enhancing tool.

Opting to stay silent could be taken as opting to be complicit. We could be somewhat sympathetic in view of the collective pressure of the environment, but their children and grandchildren may simply be unsympathetic. We would recommend that they come out and speak up sooner rather than later.


Comments

Debesh Choudhury

4 years ago · #1

It is true, Hitoshi Kokumai, that the biometrics people often don't admit that the text password system is the default fallback system.
