Hitoshi Kokumai

Threat to Self-Sovereign Identity

Expectations appear to be rising for ‘Blockchain’ that supports the schemes of ‘Self-Sovereign Identity’ and ‘Bring Your Own Identity’.

A good vault needs not only a tough gate panel but also a reliable lock system. Blockchain technology could indeed help make a strong gate panel, but it alone could never be a substitute for a reliable lock system, as discussed at https://www.bebee.com/producer/@hitoshi-kokumai/blockchain-solutions-offered-without-a-reliable-user-authentication-don-t-make-much-sense-do-they

Worryingly, it seems that the lock system that should go with the blockchain's tough gate panel is being threatened by a number of big global names. They urge us to remove the password from digital identity ‘for achieving a higher security’, even though the negative effect on security is obvious, as illustrated below.

How much of your money would you dare to deposit with a bank that offers only such a ‘convenient and safe’ ATM?

Very ironically, we are thus being forced to fight a threat that is coming from a large section of the cyber technology industry. Your help would be appreciated.

< Excerpt of Blockchain Solution ..... >

For the most reliable lock/key system for cyberspace, i.e., digital identity authentication, there must be three prerequisites.

First of all, identity assurance with NO confirmation of the user’s volition would lead to a world where criminals and tyrants dominate citizens. Democracy would be dead where our volition was not involved in our identity assurance. We must oppose any attempt to do without what we remember, recognize and volitionally feed in to log in.

Secondly, the mathematical strength of a security measure makes sense so long as the measure is practicable for us Homo sapiens. A big cake can be appreciated only if it’s edible.

Thirdly, being ‘unique’ is different from being ‘secret’. ‘Passwords’ must not be displaced by the likes of a ‘User ID’. That is, we should be very careful when using biometrics for the purpose of identity authentication, although we don’t see as big a problem when using biometrics for the purpose of personal identification.

Identification gives an answer to the question “Who are they?”, whereas authentication gives an answer to the question “Are they the persons they claim to be?” Authentication and identification belong to totally different domains.

We know that the password is an indispensable factor for multi-factor schemes and that the security of password managers and single-sign-on schemes hinges on the reliability of the master password. Biometrics, which relies on a backup password, can by no means be an alternative to the password.

The password as a memorized secret is absolutely necessary. We must not accept any form of password-less login.

