
Posts

‘Authenticators’ and ‘Deployment of Authenticators’

Quite a few security professionals mix up the layer of ‘authenticators’ with that of ‘deployment of authenticators’, talking as though the two were competing with each other, for example ‘multi-factor authentication is better than a password’ or ‘ID federation is better than a password’.
The password is an ‘authenticator’, and so are the token and biometrics. MFA, and schemes such as FIDO and OpenID, are ways of ‘deploying’ authenticators: they decide how one or more authenticators are combined and where the result is trusted, but they do not themselves replace any authenticator.
Expanded Password System sits on the ‘authenticator’ layer, while the likes of OpenID and FIDO sit on the upper layer of ‘deployment of authenticators’; as such, they could naturally be our down-stream partners rather than competitors.
There are also some people who wrongly allege that removing an authenticator should increase security. They are plainly misguided, as examined here – “Removal of Passwords and Its Security Effect” https://www.linkedin.com/pulse/remov…
Recent posts

Robust 2-Channel Authentication

2 is larger than 1, but not necessarily stronger than 1. https://www.theregister.com/2020/07/20/twitter_security_update_hackers_broke_2fa/
By bringing in the concept of Expanded Password System, we are able to protect important accounts more reliably than conventional two-factor or two-step authentication, as outlined here – “Advanced Persistent Threats in Digital Identity” https://www.linkedin.com/pulse/advanced-persistent-threats-digital-identity-hitoshi-kokumai/
This is not a hypothesis. It has been quietly but effectively deployed since 2014 on a security-centric corporate network used by 1,200 employees.
Needless to say, asymmetric cryptography could be additionally incorporated for yet higher security where needed.

Quest for Global Ubiquity

We wish to make our Expanded Password System solutions readily available to all the global citizens: rich and poor, young and old, healthy and disabled, literate and illiterate, in peace and in disaster.
To achieve such global ubiquity, we will need more and more research into such diverse disciplines as psychology, sociology, behavioural economics and brain science, in addition to cryptography, safe coding and other security technologies.
We would welcome a shout if you happen to know researchers who may be interested in including the issue of ‘identity assurance by our own VOLITION and MEMORY’ among their study subjects, or if you yourself are interested in joining us.
We will shortly launch the global promotion of Expanded Password System from our headquarters in the UK, and this research programme, which should naturally be international, is to play a significant role in it.
Linked is my article posted 6 years ago, which might indicate an aspect of what we have in mind - http…

Probabilistic Is Human Body, Not Pattern-Matching Algorithm

The probabilistic nature of biometrics comes from the unpredictably variable body features of living animals rather than from imperfect pattern-matching algorithms; perfecting the pattern-matching algorithm would not remove it.
Biometrics, which measures these probabilistic body features, cannot escape False Rejection (False Non-Match, False Negative), which inevitably comes with False Acceptance (False Match, False Positive): tightening the threshold to reduce one raises the other.
Since it cannot escape FR/FNM/FN, biometrics cannot escape dependence on a fallback measure, a default password/PIN in most cases. Where either the biometric or the fallback is accepted on its own, the combination is weaker than password/PIN-only authentication, because an attacker is free to go through whichever entrance is easier to defeat.
And yet so many people who need higher security are spending so much money to bring security down.
Click the link for more - https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/

Puzzling Perception – Sacrificing Privacy for Decreased Security?

How much of our privacy are we ready to sacrifice in return for DECREASED security, rather than for increased security?
Biometrics vendors seem reluctant to make it clearly known that, in what they call “2-factor” biometric authentication, the biometric and a default/fallback password/PIN are used together in a security-lowering ‘two-entrance’ deployment (either one admits the user), not in a security-enhancing ‘two-layer’ deployment (both are required).
The outcome is that we are awkwardly discussing how much of our privacy we could sacrifice in return for increased security, when we actually need to discuss the privacy sacrificed for lowered security.
I am wondering how long we will stay indifferent to this idiotic and unethical situation.
Click the link for more - https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/
** There are two houses – one with one entrance and the other with two entrances: which is friendlier to burglars who want to sneak in?
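The ‘two-entrance’ versus ‘two-layer’ argument of the two posts above can be put into numbers. The following is an added illustration for this page, not code from the original posts or from any product; the false-acceptance rate, false-rejection rate, lockout budget and attempt count are constructed assumptions chosen only to make the comparison visible. It models an online attacker who tries the biometric and, if that fails, the fallback password, and compares the OR deployment (either admits) with the AND deployment (both required).

```python
# Attacker success against the same two authenticators deployed as
# 'two entrances' (either one admits) versus 'two layers' (both required).
# Added illustration for this page; the numbers are constructed assumptions,
# not measurements from any product.


def biometric_attack_success(far: float, attempts: int) -> float:
    """Probability an impostor is accepted at least once in `attempts`
    presentations, given a per-attempt false-acceptance rate `far`.
    Assumes independent attempts, which is optimistic for an attacker
    who can refine a spoof between tries."""
    return 1.0 - (1.0 - far) ** attempts


def two_entrance(p_password: float, far: float, attempts: int) -> float:
    """'Two-entrance' deployment: the biometric OR the fallback password
    lets the user in. The attacker tries the biometric first and, if that
    fails, walks through the second door."""
    p_bio = biometric_attack_success(far, attempts)
    # Union of the two events; always >= max(p_bio, p_password).
    return 1.0 - (1.0 - p_bio) * (1.0 - p_password)


def two_layer(p_password: float, far: float, attempts: int) -> float:
    """'Two-layer' deployment: the biometric AND the password are both
    required, so the attacker must defeat each in turn.
    Always <= min(p_bio, p_password)."""
    return biometric_attack_success(far, attempts) * p_password


def legit_user_fallback_rate(frr: float, attempts: int) -> float:
    """Fraction of sessions in which the genuine user is falsely rejected
    on every allowed attempt and is therefore pushed onto the fallback path
    (independent attempts assumed; correlated failures such as an injured
    finger make the real figure higher). This number does not enter the
    attacker's odds above: the second door is open whether or not honest
    users ever need it."""
    return frr ** attempts


def compare(p_password: float = 1e-4, far: float = 1e-4,
            frr: float = 0.02, attempts: int = 5) -> dict:
    """Assumed inputs: a lockout policy that leaves an online guesser a
    1-in-10,000 chance against the password, a biometric with FAR 1e-4
    and FRR 2% per attempt, and five biometric attempts before fallback."""
    return {
        "password_only": p_password,
        "biometric_only": biometric_attack_success(far, attempts),
        "two_entrance_or": two_entrance(p_password, far, attempts),
        "two_layer_and": two_layer(p_password, far, attempts),
        "legit_fallback": legit_user_fallback_rate(frr, attempts),
    }


if __name__ == "__main__":
    for name, p in compare().items():
        print(f"{name:16s} {p:.2e}")
```

With the assumed inputs the OR deployment gives the attacker roughly six chances in ten thousand, worse than either authenticator alone, while the AND deployment gives roughly five in a hundred million. The legitimate-user fallback rate is tiny under these assumptions, and that is exactly the point: however rarely honest users take the second entrance, the attacker can always take it, so its mere existence sets the floor for the OR deployment.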

Biometrics for Increasing and Decreasing Security

https://www.fedscoop.com/phone-cases-security-air-force-disa/
It could be a correct use of biometrics, increasing security, if the biometric is used to continuously monitor the user's voice and behaviour in order to detect when a bad guy has grabbed the logged-in device from the user.
Demand the user's password afresh at that point, and the bad guy could be turned away, as discussed here - "Anything used correctly is useful and so are UV, disinfectant and biometrics." https://www.linkedin.com/posts/hitoshikokumai_digital-identity-anything-used-correctly-activity-6663264695664934913-S2FS
It could be a wrong use of biometrics, decreasing security, if the biometric is used as a second authenticator alongside a default password with either one accepted on its own, as examined here - "Early models of smartphones were safer than newer models - How come?" https://www.linkedin.com/pulse/early-models-smartphones-were-safer-than-newer-how-come-kokumai
Windows Hello for payment authentication would be fine if the objective is to …
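The ‘correct use’ described in this post, a continuous biometric signal that can only take a session away and a fresh password that is the only way to get it back, can be sketched as a small session monitor. The code below is an added illustration for this page, not code from the original post or from any product; the confidence threshold, the number of low samples tolerated before locking, and the sample score stream are constructed assumptions. The `patience` setting is there because of false rejection: a single low score must not throw the genuine user out.

```python
# Session monitor that uses a continuous biometric signal only to *revoke*
# access, never to grant it; a fresh password is the only way back in.
# Added illustration for this page, not code from the original post or from
# any product. Thresholds and the sample score stream are constructed.

from dataclasses import dataclass, field


@dataclass
class SessionState:
    locked: bool = False
    low_streak: int = 0            # consecutive low-confidence samples seen
    events: list = field(default_factory=list)


class ContinuousAuthMonitor:
    def __init__(self, threshold: float = 0.5, patience: int = 3):
        # `patience` consecutive low samples are required before locking, so
        # that one false rejection (a cough, a bumped camera) does not throw
        # the genuine user out; that is the FR side of the trade-off.
        self.threshold = threshold
        self.patience = patience

    def observe(self, s: SessionState, score: float) -> bool:
        """Feed one confidence sample (1.0 = certainly the enrolled user,
        0.0 = certainly someone else). Returns True if the session remains
        usable after this sample."""
        if s.locked:
            return False            # a high score later never unlocks
        if score < self.threshold:
            s.low_streak += 1
            if s.low_streak >= self.patience:
                s.locked = True
                s.events.append("locked: confidence below threshold "
                                f"for {self.patience} samples")
        else:
            s.low_streak = 0        # clears the streak, nothing more
        return not s.locked

    def reauthenticate(self, s: SessionState, password_verified: bool) -> bool:
        """Only the memorised secret reopens a locked session."""
        if s.locked and password_verified:
            s.locked = False
            s.low_streak = 0
            s.events.append("unlocked: password verified")
        return not s.locked


# Constructed stream: genuine user, one blip, then the device changes hands.
SAMPLE_SCORES = [0.92, 0.88, 0.31, 0.90, 0.25, 0.20, 0.15, 0.95]


def run_scenario(scores, password_verified: bool) -> dict:
    """Replay a score stream, then attempt a password re-authentication."""
    m = ContinuousAuthMonitor()
    s = SessionState()
    usable = [m.observe(s, x) for x in scores]
    locked_at = usable.index(False) if False in usable else None
    reopened = m.reauthenticate(s, password_verified)
    return {"usable": usable, "locked_at": locked_at,
            "reopened": reopened, "events": s.events}


if __name__ == "__main__":
    print(run_scenario(SAMPLE_SCORES, password_verified=True))
```

In the constructed stream the single low score at position 2 is absorbed, the three consecutive low scores from position 4 lock the session at position 6, and the high score at position 7 does nothing: the biometric here is not an entrance, so a thief who later produces a convincing sample gains nothing, while the owner gets back in with the password.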

Expanded Password System to Complement FIDO2

2 is larger than 1 but not necessarily stronger than 1, just as two children could be overwhelmed by a grown-up.
For a two-factor authentication to be really reliable, each factor must be reasonably secure and usable in its own right, and both must be required; an authentication that is only as strong as its weaker factor gains little from the second one.
On the other hand, ‘password-less’ authentication, however attractive it might sound, would only benefit bad guys, as examined here - https://www.linkedin.com/pulse/removal-passwords-its-security-effect-hitoshi-kokumai/
People who offer a token as one factor of a two-factor authentication scheme could all be viewed as our potential down-stream partners, among them those who offer FIDO2-compatible solutions.
Put together, we could come up with two-factor authentication that is much more reliable than otherwise.