Follow Logic, Not Uncertain Reputation
Follow logic and we will find a simple fact - What was presented as an extremely complicated problem by a number of big names is actually not complicated at all. It is just simple and plain as unraveled below.
Proposition 1: Secret credentials are absolutely necessary for digital identity platforms.
Proposition 2: The text password, which is a section of the secret credentials, is hard to manage, often loathed as a cause of pains and miseries.
Conclusion: Assuming that both Proposition 1 and 2 are valid, logic leads us to conclude that we could and should look for ‘something other than the text password’ in the domain of ‘Secret Credentials’. This is the only one logical conclusion. There cannot be anything else.
Well, we obviously need to examine whether Proposition 1 and 2 are both valid or not.
(1) Proposition 1
1-1 From technical point of view, we would have only ‘biometrics’ and ‘physical tokens’ as authenticators where the ‘secret credential’ has been removed from digital identity altogether.
For the security effects of this situation, you could refer to our earlier article ‘Removal ofPasswords and Its Security Effect’ published at https://www.bebee.com/producer/@hitoshi-kokumai/removal-of-passwords-and-its-security-effect
In summary, we would certainly have to live in a miserable security environment.
1-2 From societal point of view, the password-less (will/volition-less) authentication is not compatible with the value of democracy.
It would be a 1984-like Dystopia if our identity is authenticated without our knowledge or against our will.
(2) Proposition 2
Human beings are so diversified that there may be some people who love the text password, finding no problem in memorizing and recalling a limitless number of unique hard-to-break passwords together with the relations to all different corresponding accounts.
We will come back to those people later. For now, we assume that nobody doubt the validity of this proposition.
Given that these two propositions are valid, our conclusion is valid unless we are unfaithful to logic.
‘Secret Credential’ is made of ‘Text Password’ and ‘Non-Text Password’. Now that we know that ‘Text Password’ is not sufficient, we could and should supplement and enhance the text password by bringing in ‘Non-Text Password’. There cannot be any other logical conclusion.
Furthermore, the secret credentials made of text passwords and non-text passwords could satisfy the need of the people who love the text password as well as the people who hate the text password.
As such, the real question is simply how to provide both ‘text passwords’ and ‘non-text passwords’ on a platform. The answer is Expanded Password System we advocate.
< Related Article >