Intriguing Evolution from One to Two and Back to One
A single factor authentication by a password was a norm until some years ago. In view of the rampant password phishing and data breach, two factor authentications by the password and something possessed deployed in ‘multi-layer’ method have recently been recommended where security matters.
Now some people recommend the removal of the password altogether from the 2 factor schemes and go back to a single factor authentication, this time, by only something possessed with the help of PKI or onetime code.
Shall we imagine what sort of situation we could witness where our identity is authenticated by the verification of a physical token?
"A guy knocked the door of a mansion, claimed to be the owner of the mansion and demanded the residents to leave. The mansion's lock was unlocked by the key that the guy took out of his wallet. In other words, the guy’s key was authenticated by the mansion’s lock.
The guy was accompanied by a shop owner who testified that they had sold the said wallet to the guy. This certifies that the guy was the legitimate owner of the wallet out of which the key was taken out in front of the residents.
Confronted with the integrity of the key verified by the mansion’s lock and the guy’s identity verified by the possession of the said key along with the ownership of the wallet verified by the testimony of the bona fide shop owner, the unhappy residents were unable to insist that the guy was not the owner of the mansion and had to leave the mansion."
In a present digital environment, we might witness a more advanced situation as described in this cartoon (published 14 years ago) -
It appears that corporations are obsessed with 'low friction customer experience'. There would be nothing wrong with it if the consumers are accurately informed that the security is more or less sacrificed in return for the lower friction experience when it is actually achieved by sacrificing security.
It would be a devastating mistake, however, if consumers are misled to believe that the lower friction experience is achieved without damaging security when the security is actually damaged. The consumers could well get trapped in a serious false sense of security (illusion of safety), which is even worse than lack of security.
Suppliers of security solutions should be more mindful of what they are doing.
< Related Article >
Distracters in Digital Identity
Departure from Text Password