CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more...

The program is currently available to consultants, influencers or executive level contributors.

Hitoshi Kokumai

The ID Federation: What Technology Can Displace The Password?

The Future Password

Many people shout that the password is dead or should be killed dead. The password could be killed, however, only when there is an alternative to the password. Let us think about what technology can displace the password.

Some people might say that multi-factor authentications or ID federations will do it. It is not easy, however, to conceive that the password can be displaced by multi-factor schemes for which one of the factors is a password or ID federations which require a reliable password as the master-password.

Some might say “Not using any password altogether is the way to kill the password dead”. Yes, I have to admit, the password could then be killed dead entirely, but it would be criminals rather than us that will be the beneficiaries of such password-free cyber space. In a world where we live without remembered passwords, i.e., where our identity is established without our volitional participation, we would be able to have a safe sleep only when we are alone in a firmly locked room. It would be a Utopia for criminals and a Dystopia for most of us.

shutterstock_379201975

Some might say “PIN can”. This observation would, however, only lead us to the entrance to Alice’s Wonderland. If a PIN that is a weak form of numbers-only password could displace the password, a puppy should be able to displace the dog, a kitten the cat, a cub the lion.

Many are saying “Biometrics can”. This observation would lead us to another entrance to Alice’s Wonderland. Biometric solutions used in cyber space need a password (fallback password) registered in case of false rejection. If “something” which has to rely on“the other thing” could displace “the other thing”, your foot should be able to displace your leg for walking. Alice’s Wonderland might receive it, but I have huge difficulties in imagining what it could look like in this 4D Space-Time universe.

There are a lot of people who take it for granted that the password can be displaced by the biometrics operated in cyberspace together with a fallback password. How could such a misconception happen?

Blind Spot in Our Mind

Let us imagine that we are watching two models of smart phones – Model A with Pincode and Model B with Pincode and Fingerprint Scan. Which of the two models do you think is securer?

  • when you hear that Model A is protected by Pincode while Model B is protected by both Pincode and Fingerprints
  • when you hear that Model A can be unlocked by Pincode while Model B can be unlocked by both

Pincode and Fingerprints

  •  when you hear that Model A can be attacked only by Pincode while Model B can be attacked by both Pincode and Fingerprints

Is your observation the same for all the 3 situations?

Eye-Opening Experience

Now let us imagine that there are two houses – (1) with one entrance and (2) with two entrances placed in parallel. Which house is safer against burglars? Every one of us will agree that the answer is plainly (1). Nobody would dare to allege that (2) is safer because it is protected by two entrances. Similarly, the login by a Pincode/password alone is securer than the login by a biometric sensor backed up by a fallback Pincode/password.

Debates over Backdoor between Apple vs FBI

It appears that something crucial is overlooked in the heated debates about the backdoor on smartphones, which is the focus point of the recent events with Apple and the FBI that have drawn a lot of attention worldwide.

I would like to point out that there already exists a backdoor on many of the latest smartphones, namely, a fingerprint scanner or a set of camera and software for capturing faces, irises and other body features which are easily collected from the unyielding, sleeping, unconscious and dead people.

As the technologies of sensing biometric features advance, so do the technologies of copying and replaying them. None of body temperature, movement, pulse and brainwave can be exceptions. Biometrics could be great technologies for forensic and physical security, but far from valid for identity assurance in cyber space.

Suggestions

As analysed above, the authentication by biometrics in cyber space comes with poorer security than Pincode/password-only authentication in most cases. A false sense of security is often worse than the lack of security. I would like to put forward the suggestions below.

  • The vendors of those smart devices, who are conscious of privacy and security of consumers, could tell the consumers not to turn on the biometric functions.
  • Consumers, who are concerned about their privacy and security, could refrain from activating the biometric backdoors.
  • The deployment of biometric solutions could instead be recommended where consumers can accept “below-one” factor authentication in return for better convenience as the case may be.

By Hitoshi Kokumai

Hitoshi Kokumai

Hitoshi Kokumai, President, Mnemonic Security, Inc.

Hitoshi is the inventor of Expanded Password System that enables people to make use of episodic image memories for intuitive and secure identity authentication. He has kept raising the issue of wrong usage of biometrics with passwords and the false sense of security it brings for 16 years.

Mnemonic Security Inc. was founded in 2001 by Hitoshi Kokumai for promoting Expanded Password System. Following the pilotscale operations in Japan, it is seeking to set up the global headquarters.

View Website
The Lighter Side Of The Cloud - The Robo-Revolution
The Lighter Side Of The Cloud - Yahoo!!
The Lighter Side Of The Cloud - Best Friend
The Lighter Side Of The Cloud - Fathers Day
The Lighter Side Of The Cloud – Cloud Theory
Istio 1.0: Making It Easier To Develop and Deploy Microservices

Istio 1.0: Making It Easier To Develop and Deploy Microservices

With the recent availability of Istio 1.0 it is not surprising that it continues to capture much attention from the ...
Chris

How to Avoid Becoming Another Cloud Security Statistic

Cloud Security Statistic Last year, Gartner predicted that, by 2020, 95 percent of all cloud security failures will be caused ...
Marty Puranik

HIPAA Risk Assessment Guide for Smaller Practices

HIPAA Risk Assessment Guide Disconcertingly, one in four practices (25%) are failing meaningful use audits by the Centers for Medicare ...
Combatting Malware in the Cloud Requires a New Way of Thinking

Combatting Malware in the Cloud Requires a New Way of Thinking

Malware in the Cloud It’s no secret that cloud adoption has exploded in the enterprise over last few years. However, ...
Backups And Disaster Recovery Are Not The Same Thing

Backups And Disaster Recovery Are Not The Same Thing

Backups And Disaster Recovery Most business owners are aware of the consequences of losing data. Much of the value of ...
The Cloud Has Your Data (Whether You Like It Or Not)

The Cloud Has Your Data (Whether You Like It Or Not)

Cloud Cleanup Anyone? Following on where we left off from my last two articles now we shift focus to what ...
Death of Traditional Enterprise Storage

Death of Traditional Enterprise Storage

Traditional Enterprise Storage Back in 2003, Chris Pinkham and Benjamin Black, two engineers working for Amazon.com, proposed a dramatic overhaul ...
How Security Certification Helps Cloud Service Providers Stay Transparent and Credible

How Security Certification Helps Cloud Service Providers Stay Transparent and Credible

Security Certification Helps Cloud Service Providers If you are a cloud service provider (CSP), you know your customers have a choice as to who to work with, but do you know what will help tip the scales in your favor? ...
Cloud Migration – 10 ‘Do it Right’ Tips

Cloud Migration – 10 ‘Do it Right’ Tips

Cloud Migration Tips Businesses continue to adopt the cloud at break neck speed. Inherent benefits like lower operational costs, no infrastructure overheads, and quick access to better technology make cloud a very attractive proposition for businesses, especially start-ups and SMEs ...
Load Testing Tools

Load Testing Tools

Provided is a short list of load testing tools which will test server and application resistance and certainly valuable in order to help test and tweak your company's infrastructure ...
Top 10 Machine Learning Algorithms

Top 10 Machine Learning Algorithms to Know

Top 10 Machine Learning Algorithms Modern advancements in Artificial Intelligence (AI) are set to change our world for the better. These developments have largely been made possible due to technologies such as cloud sharing, data analytics, blockchain, and improved computing ...
The Future Of Cybersecurity

The Future Of Cybersecurity

The Future of Cybersecurity In 2013, President Obama issued an Executive Order to protect critical infrastructure by establishing baseline security standards. One year later, the government announced the cybersecurity framework, a voluntary how-to guide to strengthen cybersecurity and meanwhile, the ...
Machine Learning Open-Source Tools

Do More With Machine Learning Thanks to These 6 Open-Source Tools

Machine Learning Open-Source Tools We are in the middle of a machine learning, AI and big data renaissance — at least, that’s what we’re calling it. Seemingly everyone is interested in this technology these days, and for a good reason ...