Departure from Text Passwords
Although it is obvious that we can no longer continue to rely on the conventional text-based passwords, we do not support the idea of 'password-less' (will/volition-less) identity authentication, which is not compatible with the values of democracy.
Nor do we support the idea of involving biometrics as a security tool, since the biometrics has to be deployed in 'multi-entrance' method with the password/PIN as a fallback means against false rejection in cyberspace. Such a deployment brings down the security that the conventional password/PIN authentication has so far provided.
Expanded Password System that accepts images as well as texts will help where 'will/volition-confirmed identity authentications' are needed. With Expanded Password System (EPS), multiple authenticator deployments for different security levels such as
A. Password System or Device Alone where convenience matters
B. Password System + Certified Device where security matters
C. Password System + PKI-enabled Device where highest security matters
would turn into
A+. EPS or Device Alone where convenience matters
B+. EPS + Certified Device for security matters
C+. EPS + PKI-enabled Device where highest security matters
for stronger security and better convenience achieved at a higher level.
Expanded Password System can be flexibly implemented in multiple ways and methods. If packaged as an ‘image-to-text converter’ module, it can be incorporated into the ubiquitous conventional text password systems. In other words, legacy password systems do not have to be replaced or re-constructed but simply upgraded easily, quickly and cheaply for better balance of security and convenience.
We would like to make it clear that we are not going to propose or refer to any specific identity management systems or platforms like OAuth 2/3, OpenID Connect, FIDO 2, eIDAS and so on. We are neutral to those programs, which are all complementary to Expanded Password System. Expanded Password System is in the stage of Draft Proposal of OASIS Open Project.
Well, here is my latest article about Expanded Password System published on Payments Journal, in which I emphasized that the worst part of the global password predicament will melt away when people are offered a broader password choice.
Key Takeaways of the article are
The password predicament remains unsolved until the password system gets expanded to offer a broader password choice.
Don’t be trapped in the myth of “password-less” authentication. Volition-less authentication could bring us into a 1984-like Dystopia.
Don’t be trapped in the false sense of security (illusion of safety) brought by biometrics used in ‘multi-entrance’ method with a fallback password/PIN
Watch what is happening with Expanded Password System and help with it where possible.
< Related Articles >
Digital Identity and Democracy
Big Myths in Digital Identityhttps://www.bebee.com/producer/@hitoshi-kokumai/big-myths-in-digital-identity