Hitoshi Kokumai

2 years ago · 1 min read


Intriguing Evolution from One to Two and Back to One

The lock authenticates the key.
The key authenticates the lock.


Does the key authenticate the person who holds it?

Single-factor authentication by a password was the norm until some years ago. In view of rampant password phishing and data breaches, two-factor authentication by the password and something possessed, deployed in a 'multi-layer' method, has recently been recommended where security matters.

Now some people recommend removing the password altogether from the two-factor scheme and going back to single-factor authentication, this time by something possessed alone, with the help of PKI or a one-time code.
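To make the difference concrete, here is an added example (not code from the original post) contrasting a possession-only one-time-code check with a multi-layer check that also requires the password. The TOTP seed, salt and password are constructed demo values, and the function names are assumed for this illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo values for this example, not real credentials.
TOTP_SEED = b"12345678901234567890"   # the "key": whoever holds it passes the possession check
PASSWORD_SALT = b"demo-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", PASSWORD_SALT, 100_000)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 one-time code: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_possession(code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Possession-only check (the 'lock' verifying the 'key'): accept a code the seed
    would produce in the current or an adjacent time step. Passing proves that the
    submitter holds the seed; it proves nothing about who the submitter is."""
    return any(
        hmac.compare_digest(code.encode(), totp(TOTP_SEED, unix_time + drift * step, step).encode())
        for drift in range(-window, window + 1)
    )


def verify_multilayer(password: str, code: str, unix_time: int) -> bool:
    """Multi-layer check: the knowledge factor AND the possession factor must both pass,
    so holding the seed alone is not enough."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), PASSWORD_SALT, 100_000)
    knows = hmac.compare_digest(candidate, PASSWORD_HASH)
    return knows and verify_possession(code, unix_time)


if __name__ == "__main__":
    now = int(time.time())
    code = totp(TOTP_SEED, now)   # generated by whoever currently holds the seed
    print("possession only:", verify_possession(code, now))                              # True
    print("multi-layer, wrong password:", verify_multilayer("guess", code, now))          # False
    print("multi-layer, right password:", verify_multilayer("correct horse", code, now))  # True
```

The seed is the RFC 6238 reference secret, so `totp(TOTP_SEED, 59)` yields the published test value `287082`.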

Shall we imagine what sort of situation we might witness when our identity is authenticated by verifying a physical token?

"A guy knocked on the door of a mansion, claimed to be the owner of the mansion and demanded that the residents leave. The mansion's lock was unlocked by the key that the guy took out of his wallet. In other words, the guy's key was authenticated by the mansion's lock.

The guy was accompanied by a shop owner who testified that they had sold the said wallet to the guy. This certified that the guy was the legitimate owner of the wallet out of which the key had been taken in front of the residents.

Confronted with the integrity of the key verified by the mansion's lock, the guy's identity verified by his possession of the said key, and the ownership of the wallet verified by the testimony of the bona fide shop owner, the unhappy residents were unable to insist that the guy was not the owner of the mansion and had to leave."

In the present digital environment, we might witness a more advanced situation, as depicted in this cartoon (published 14 years ago):

http://www.mneme.co.jp/english/manga/parody/index1-2.html

It appears that corporations are obsessed with 'low friction customer experience'. There would be nothing wrong with that if, whenever the lower-friction experience is in fact achieved by sacrificing security, consumers were accurately informed that security has been more or less sacrificed in return.

It would be a devastating mistake, however, if consumers were misled into believing that the lower-friction experience had been achieved without damaging security when security had in fact been damaged. Consumers could well be trapped in a serious false sense of security (an illusion of safety), which is even worse than a lack of security.

Suppliers of security solutions should be more mindful of what they are doing.


< Related Article >


Distracters in Digital Identity

https://www.bebee.com/producer/@hitoshi-kokumai/distracters-in-digital-identity


Departure from Text Password

https://www.bebee.com/producer/@hitoshi-kokumai/departure-from-text-passwords

