Identity Assurance
It is not easy to define the ‘sufficient condition’ for describing a set of processes used to establish that a natural person is real, unique, and identifiable; criminals keep coming up with hitherto unknown weapons to compromise the said processes.
But we are easily able to define the ‘necessary condition’; it is that the ‘secret credential’, i.e., the likes of passwords, is absolutely indispensable for the processes to stay reliable.
Let us summarize the characteristics of the factors for the processes, namely, the authenticators, as follows.
‘Easy-to-Remember’ is one thing. ‘Hard-to-Forget’ is another – The observation that images are easy to remember has been known for many decades; it is not what we discuss. What we discuss is that ‘images of our emotion-colored episodic memory’ are ‘Hard to Forget’ to the extent that they are ‘Panic-Proof’. This feature makes the applied solutions deployable in any demanding environment for any demanding use case, teleworking in stressful situations like a pandemic included.
Quite a few security professionals say ‘Yes’ very loudly.
We would say that a ‘hard-to-crack’ password is hard to crack and an ‘easy-to-crack’ password is easy to crack, just as strong lions are strong and weak lions are weak; look at babies, the injured and aged.
However hard or easy to manage, the password is absolutely indispensable, without which digital identity would be just a disaster. We need to contemplate how to make the password harder to crack while making it harder to forget.
This subject and related issues are also discussed on Payments Journal, InfoSec Buzz and Risk Group.
Textual passwords could suffice two decades ago, when computing power was still limited, but exponentially accelerating computing power has now made textual passwords too vulnerable for many cyber activities. The same computing power is, however, now enabling us to handle images and making more and more of our digital dreams come true, some of which are listed below.
All of which would be pie in the sky where there is no reliable identity assurance.
By Hitoshi Kokumai