Distracters in Digital Identity
‘Password-less Authentication’ and ‘Biometrics as a Password-Killer’ – We have been repeatedly taking them up as two of the major distracters in digital identity. These two unfounded allegations have been absorbing the people’s attention and deflecting them from focusing on the truly valid digital identity solutions.
Something detrimental should be removed, whereas something insufficient could be supplemented and enhanced. Mixing up the former and the latter, we would witness a very queer situation in which something detrimental is enhanced and something insufficient is removed.
In physical space, nobody dare to allege that a lock/key system used for our homes is insufficient and therefore should be removed altogether for higher home security. Every one of us agrees that the weak lock/key system should be supplemented and enhanced by adding something else.
In cyberspace, however, there are people who allege that something insufficient should be removed for achieving higher security. That is “Password-less authentication”. With the password removed, the identity authentication would become much more convenient indeed. Sadly, not just for us but also for criminals.
“Password-less authentication” has an even more grave problem; it could mean “Will/Volition-less” authentication, which is not consistent with the values of democracy. We would see a 1984-like dystopia where our identity authentication is completed without our knowledge or against our will.
The myth of ‘Biometrics as Password-Killer’ would be killed in 2 minutes with this video (*1)
We have recently come to notice a wrong interpretation (*2) of Risk Based Authentication (RBA) as another distracter in digital identity, though not as bad as the two hypes abovementioned.
There is nothing wrong with the RBA itself. The distracter is a ‘misunderstood RBA’. A correctly understood RBA could be effectively deployed with Expanded Password System (*3), which is in the stage of Draft Proposal at OASIS Open Projects, where the sort of balance between security and convenience is preferred. Just in case we offer a caveat on the ‘misunderstood RBA’ here (*4)
< Related Articles >
< Hyperlink >
*1 Biometrics in Cyber Space - "below-one" factor authentication https://youtu.be/wuhB5vxKYlg
*2 How risk-based authentication has become an essential security tool https://www.csoonline.com/article/3271134/how-risk-based-authentication-has-become-an-essential-security-tool.html
*3 Departure from Text Passwords https://www.paymentsjournal.com/departure-from-text-passwords/
*4 Caveat on Risk Based Authentication https://www.slideshare.net/secret/iOUZflQp5l6A8r