May 12, 2020

Identity Assurance – Sufficient and Necessary Conditions

By Hitoshi Kokumai

Identity Assurance It is not easy to define the ‘sufficient condition’ for describing a set of processes used to establish that a natural person is real, unique, and identifiable; criminals keep coming up with hitherto unknown weapons to compromise the said processes. But we are easily able to define the ‘necessary condition’; it is that […]

Identity Assurance

It is not easy to define the ‘sufficient condition’ for describing a set of processes used to establish that a natural person is real, unique, and identifiable; criminals keep coming up with hitherto unknown weapons to compromise the said processes.

But we are easily able to define the ‘necessary condition’; it is that the ‘secret credential’, i.e., the likes of passwords, is absolutely indispensable for the processes to stay reliable.

Password Reset

Let us summarize the characteristics of the factors for the processes, namely, the authenticators, as follows.

  1. Secret credentials are absolutely indispensable, without which identity assurance would be a disaster. (Ref. Removal of Passwords and Its Security Effect )
  2. Two-factor authentication made of passwords and tokens provides a higher security than a single-factor authentication of passwords or tokens. (Ref. Quantitative Examination of Multiple Authenticator Deployment )
  3. Pseudo two-factor authentication made of biometrics and a password brings down the security to the level lower than a password-alone authentication. (Ref. Negative Security Effect of Biometrics Deployed in Cyberspace )
  4. Passwords are the last resort in such emergencies where we are naked and injured (Ref. Availability-First Approach
  5. We could consider expanding the password systems to accept both images and texts to drastically expand the scope of secret credentials. (Ref. Proposition on How to Build Sustainable Digital Identity Platform )

We could add the following.

‘Easy-to-Remember’ is one thing. Hard-to-Forget’ is another – The observation that images are easy to remember has been known for many decades; it is not what we discuss. What we discuss is that ‘images of our emotion-colored episodic memory’ is ‘Hard to Forget’ to the extent that it is ‘Panic-Proof’. This feature makes the applied solutions deployable in any demanding environments for any demanding use cases, with teleworking in stressful situations like pandemic included.

The password is easy to crack – Are you sure?

Quite a few security professionals say ‘Yes’ very loudly. 

We would say that a ‘hard-to-crack’ password is hard to crack and an ‘easy-to-crack’ password is easy to crack, just as strong lions are strong and weak lions are weak; look at babies, the inured and aged. 

However hard or easy to manage, the password is absolutely indispensable, without which digital identity would be just a disaster. We need to contemplate on how to make the password harder to crack while making it harder to forget.

 This subject and related issues are also discussed on Payments Journal, InfoSec Buzz and Risk Group

  •  https://www.paymentsjournal.com/easy-to-remember-is-one-thing-hard-to-forget-is-another/
  •  https://www.informationsecuritybuzz.com/articles/identity-assurance-and-teleworking-in-pandemic/
  •  https://www.valuewalk.com/2020/05/digital-identity-biometrics-use/
  •  https://riskgroupllc.com/democracy-and-digital-identity-2/

Future society enabled by expanding the password systems

Textual passwords could suffice two decades ago when computing powers were still limited, but the exponentially accelerating computing powers have now made the textual passwords too vulnerable for many of the cyber activities. The same computing powers are, however, now enabling us to handle images and making more and more of our digital dreams come true, some of which are listed below.

  • Electronic Money & Crypto-Currency
  • Hands-Free Payment & Empty-Handed Shopping
  • ICT-assisted Disaster Prevention, Rescue & Recovery
  • Electronic Healthcare & Tele-Medicine to support terminal care in homes
  • Pandemic-resistant Teleworking
  • Hands-Free Operation of Wearable Computing
  • User-Friendlier Humanoid Robots
  • Safer Internet of Things
  • More effective Defense & Law Enforcement

all of which would be the pie in the sky where there is no reliable identity assurance.

By Hitoshi Kokumai

Hitoshi Kokumai

Hitoshi Kokumai, President, Mnemonic Security, Inc.

Hitoshi is the inventor of Expanded Password System that enables people to make use of episodic image memories for intuitive and secure identity authentication. He has kept raising the issue of wrong usage of biometrics with passwords and the false sense of security it brings for 16 years.
Jeff DeVerter

Charting the Course: An Interview with Rackspace’s Jeff DeVerter on AI and Cloud Innovation

Rackspace’s Jeff DeVerter on AI & Cloud Innovation In an insightful conversation with CloudTweaks, Jeff [...]
Read more

Lambda Cold Starts: What They Are and How to Fix Them

What Are Lambda Cold Starts? Lambda cold starts occur when AWS Lambda has to initialize [...]
Read more
Metasploit-Penetration-Testing-Software-Pen-Testing-Security

Leading Cloud Vulnerability Scanners

Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn’t help with [...]
Read more

AI at the Gate: Navigating the Future of Cybersecurity with SonicWall’s Bobby Cornwell

Navigating the Future of Cybersecurity In the face of the digital age’s advancements, AI’s role [...]
Read more

Exploring SaaS Directories: The Path to Optimal Software Selection

Exploring the Landscape of SaaS Directories SaaS directories are vital in today’s digital age, serving [...]
Read more
Steve Prentice

Get Smarter – The Era of Microlearning 

The Era of Microlearning Becoming employable and then staying employable requires ongoing, up to date [...]
Read more

SPONSORS

Interviews and Thought Leadership

Srini Kalapala

Driving Growth: Srini Kalapala Discusses Verizon’s Network APIs

Welcome to our interview with Srini Kalapala, Senior VP of Technology and Product Development at Verizon. Today, we explore how Verizon’s network APIs are reshaping global developer landscapes and enhancing [...]
Read more
Dolores

Q&A: Airport Security Trends with Dolores Alemán, Frost & Sullivan Analyst

Airport Security Trends In this CloudTweaks interview, we delve into the evolving landscape of airport security with Dolores Alemán, a seasoned Research Analyst at Frost & Sullivan. Dolores brings a [...]
Read more

CrowdStrike and Dell unleash an AI-powered, unified security vision

Dell and CrowdStrike are joining forces today to help businesses battle against cyberattacks using AI to protect against generative AI, stealth social engineering and [...]
Read more

How AI is strengthening XDR to consolidate tech stacks

Deciphering weak telemetry signals by using AI to analyze behaviors and detect threats in real time is the future of [...]
Read more

Driving Growth: Srini Kalapala Discusses Verizon’s Network APIs

Welcome to our interview with Srini Kalapala, Senior VP of Technology and Product Development at Verizon. Today, we explore how [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.