Digital Identity – Threats Coming from Within (2)
In an earlier post of the same title, we talked about two big threats brought about by global big names - the removal of a valid identity authenticator and the emergence of the will/volition-less digital identity, which pose grave threats to Security and Democracy respectively.
Today we would like to talk about the third threat. That is the silence of a great number of security professionals. The abovementioned myths are indeed grave threats to digital identity. Possibly even more grave is the ominous silence of the security professionals about them.
Security professionals, who are so intelligent as to have chosen this profession, cannot be unaware that the claims of ‘higher security achieved by removing passwords’ and ‘killing passwords by password-dependent biometrics’ are just false. And yet they express neither agreement nor disagreement with our observations. They are just silent.
Billions of consumers are apparently trapped in a false sense of security, believing that they are enjoying higher security thanks to those many security-lowering products and solutions. In view of the huge interests that have been vested in the ‘password-less’ solutions and ‘password-killer’ products under the flag of ‘higher-security’, undoing all this could never be easy.
We could suppose that the professionals who have themselves loudly advocated, recommended and promoted those myths might well find it too inconvenient and embarrassing to talk about them. Silence could be a natural choice for them.
We could also suppose that some of those professionals whose lives are too heavily reliant on the big names that spread the hyped myths might well prefer turning a blind eye to those problems. Silence could be a natural choice for those people, too.
By the way, it is said that we humans have psychological defense mechanisms, such as the reduction of cognitive dissonance, that enable us to live a conflict-riven life peacefully.
However, the effect of such a defense mechanism remains valid only up to a certain point. The facts and logic will prevail at the end of the day. The longer we linger on the psychological mechanism, the heavier the price we will have to pay eventually.
The integrity and credibility of the whole cyber security industry could be at risk. We would like to urge the silent professionals to speak out in some way or other sooner rather than later, for their own long-term mental health and for the benefit of society.