Identity Assurance – Sufficient and Necessary Conditions

Identity Assurance

It is not easy to define the ‘sufficient condition’ for describing a set of processes used to establish that a natural person is real, unique, and identifiable; criminals keep coming up with hitherto unknown weapons to compromise the said processes.

But we are easily able to define the ‘necessary condition’; it is that the ‘secret credential’, i.e., the likes of passwords, is absolutely indispensable for the processes to stay reliable.

Password Reset

Let us summarize the characteristics of the factors for the processes, namely, the authenticators, as follows.

  1. Secret credentials are absolutely indispensable, without which identity assurance would be a disaster. (Ref. Removal of Passwords and Its Security Effect )
  2. Two-factor authentication made of passwords and tokens provides a higher security than a single-factor authentication of passwords or tokens. (Ref. Quantitative Examination of Multiple Authenticator Deployment )
  3. Pseudo two-factor authentication made of biometrics and a password brings down the security to the level lower than a password-alone authentication. (Ref. Negative Security Effect of Biometrics Deployed in Cyberspace )
  4. Passwords are the last resort in such emergencies where we are naked and injured (Ref. Availability-First Approach
  5. We could consider expanding the password systems to accept both images and texts to drastically expand the scope of secret credentials. (Ref. Proposition on How to Build Sustainable Digital Identity Platform )

We could add the following.

‘Easy-to-Remember’ is one thing. Hard-to-Forget’ is another – The observation that images are easy to remember has been known for many decades; it is not what we discuss. What we discuss is that ‘images of our emotion-colored episodic memory’ is ‘Hard to Forget’ to the extent that it is ‘Panic-Proof’. This feature makes the applied solutions deployable in any demanding environments for any demanding use cases, with teleworking in stressful situations like pandemic included.

The password is easy to crack – Are you sure?

Quite a few security professionals say ‘Yes’ very loudly. 

We would say that a ‘hard-to-crack’ password is hard to crack and an ‘easy-to-crack’ password is easy to crack, just as strong lions are strong and weak lions are weak; look at babies, the inured and aged. 

However hard or easy to manage, the password is absolutely indispensable, without which digital identity would be just a disaster. We need to contemplate on how to make the password harder to crack while making it harder to forget.

 This subject and related issues are also discussed on Payments Journal, InfoSec Buzz and Risk Group

  •  https://www.paymentsjournal.com/easy-to-remember-is-one-thing-hard-to-forget-is-another/
  •  https://www.informationsecuritybuzz.com/articles/identity-assurance-and-teleworking-in-pandemic/
  •  https://www.valuewalk.com/2020/05/digital-identity-biometrics-use/
  •  https://riskgroupllc.com/democracy-and-digital-identity-2/

Future society enabled by expanding the password systems

Textual passwords could suffice two decades ago when computing powers were still limited, but the exponentially accelerating computing powers have now made the textual passwords too vulnerable for many of the cyber activities. The same computing powers are, however, now enabling us to handle images and making more and more of our digital dreams come true, some of which are listed below.

  • Electronic Money & Crypto-Currency
  • Hands-Free Payment & Empty-Handed Shopping
  • ICT-assisted Disaster Prevention, Rescue & Recovery
  • Electronic Healthcare & Tele-Medicine to support terminal care in homes
  • Pandemic-resistant Teleworking
  • Hands-Free Operation of Wearable Computing
  • User-Friendlier Humanoid Robots
  • Safer Internet of Things
  • More effective Defense & Law Enforcement

all of which would be the pie in the sky where there is no reliable identity assurance.

By Hitoshi Kokumai

Derrek Schutman
Implementing Digital Capabilities Successfully Building robust digital capabilities can deliver huge benefits to Digital Service Providers (DSPs). A recent TMForum survey shows that building digital capabilities (including digitization of customer experience and operations), is the ...
Dinesh Varadharajan
The Future with Automation Many entrepreneurs believe digital technologies will transform the way their companies work. By 2022, the worldwide hyper-automation technology market is expected to be worth $596.6 billion. And by 2055, almost half ...
Louis
Why cybersecurity spending Is resilient Cybersecurity tech stacks must close the gaps that leave human and machine endpoints, cloud infrastructure, hybrid cloud and software supply chains vulnerable to breaches. The projected fastest-growing areas of cybersecurity ...
Suraj Kumar Singh
Make Smarter Business Decisions Updated: 08,18,2022 Launching a new start-up? You’ll need to invest in costly software packages, in-house servers, off-site back-ups and more. Right? Wrong. Thanks to the cloud, entrepreneurs are spoiled for choice ...
Wealth Management Software Solutions - ServiceNow
Financial wealth management services (Updated: 06/29/2022) Many want to live in abundance, but very few people have what it takes to harness true wealth. True wealth is harnessed through the effective management of resources. Despite ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.