Identity Assurance - Meaningless Comparison of Different Authenticators
It makes no sense to compare the security of a strong or silly password with that of a poorly or wisely deployed physical token. Nobody can have the criteria for a meaningful comparison between ‘knife, fork and spoon’.
All that can be said about different authenticators are
1. Secret credentials, say, the likes of passwords, are absolutely indispensable, without which identity assurance would be a disaster
2. Two-factor authentication made of passwords and tokens provides a higher security than a single-factor authentication of passwords or tokens.
3. Two-factor authentication made of biometrics and a password brings down the security to the level lower than a password-alone authentication.
4. Passwords are the last resort in such emergencies where we are naked and injured
5. Expanded Password System is to drastically expand the scope of secret credentials.
Future society enabled by Expanded Password System
Textual passwords could suffice two decades ago when computing powers were still limited, but the exponentially accelerating computing powers have now made the textual passwords too vulnerable for many of the cyber activities. The same computing powers are, however, now enabling us to handle images and making more and more of our digital dreams come true, some of which are listed below.
- Electronic Money & Crypto-Currency
- Hands-Free Payment & Empty-Handed Shopping
- ICT-assisted Disaster Prevention, Rescue & Recovery
- Electronic Healthcare & Tele-Medicine to support terminal care in homes
- Pandemic-resistant Teleworking
- Hands-Free Operation of Wearable Computing
- User-Friendlier Humanoid Robots
- Safer Internet of Things
- More effective Defense & Law Enforcement
all of which would be the pie in the sky where there is no reliable identity assurance.
Identity Assurance Compatible with the Value of Democracy