Showing posts from December, 2017

Fallacies and illogics generated and dispersed by professionals, big businesses and tech-media

(1) Unknown Nature of Biometrics (2) Overlooked Security in Cyberspace (3) Ignored Nature of Humans’ Identity

1. Unknown Nature of Biometrics

It is becoming known that NIST no longer allows biometrics to be used on its own but requires it to be used ‘only as part of multi-factor authentication with a physical authenticator (something you have)’ in view of the inherent vulnerabilities of biometrics, as stated in 5.2.3 ‘Use of Biometrics’ of Digital Identity Guidelines 800-63B. Privacy issues of biometrics are relatively well known. Not a few people are aware that it will be catastrophic when biometrics data are leaked, since it is impossible to change or cancel biometrics data (‘when’ rather than ‘if’, in view of the long lists of data breaches by sophisticated attacks). But the security consequence of using biometrics together with a fallback password is unknown. It is probably due to the indifference of the participants to those facts as quoted below. FA

Outline of Mnemonic Guard

Our Expanded Password System “Mnemonic Guard”, with which we can make use of episodic image memory in addition to textual memory, can be viewed on its own as an enhanced successor to text-only password systems. Furthermore, the Expanded Password System will enable us to see truly powerful multi-factor authentications with a strong unique password being used as one of the factors for all different accounts, whether indoor or outdoor. With the Expanded Password System used as a rescue-password in case of false rejection, biometric solutions will offer good convenience without sacrificing confidentiality. We would also be able to see truly reliable decentralized ID federations with a strong unique password being used as the master-password for each of the single-sign-on services and password management tools. The outcome will be the most highly assured identity achieved through the most reliable “shared secrets”. The Expanded Password System is inclusive of textual as well as non-te