Skip to main content

What makes ‘what we are’?


It has long been asserted that there are three components for identity authentication – ‘What We Remember’ (Secret Credential), ‘What We Have’ (Tokens) and ‘What We Are ‘(Body Features).

Feeding a correct secret credential is under our control.  So is presenting a correct token to some extent. But our body features are just beyond our control.  Wouldn’t it be more appropriate to call it ‘What Our Body Features Are’?

What we remember’ and ‘What we have’, which are both deterministic, can be used together in a security-enhancing ‘two-layer’ deployment, whereas probabilistic ‘what our body features are’ can actually be used with another factor only in a security-lowering ‘two-entrance’ deployment.

We practically have two factors of ‘what we remember’ and ‘what we have’ as valid authenticators, with ‘what our body features are’ counted in cyberspace as an optional tool to increase convenience at the sacrifice of security.

It might sound a bit outrageous to the old school who have asserted that ‘what we are’ is made of our body features. But we are confident that the public will agree with us at the end of the day.

Click the link for the full text
https://www.linkedin.com/pulse/external-body-features-viewed-what-we-hitoshi-kokumai


Comments

Post a Comment

Popular posts from this blog

Expanded Password System to Complement FIDO2

2 is larger than 1 but is not necessarily stronger than 1, as two children could be overwhelmed by a grown-up. For a two-factor authentication to be really reliable, each factor should be reasonably secure and usable enough. On the other hand, ‘password-less’ authentication, however attractive it might sound, would only benefit bad guys as examined in the link page - https://www.linkedin.com/pulse/removal-passwords-its-security-effect-hitoshi-kokumai/ People who offer a token as 'a factor' of two factor authentication schemes could all be viewed as our potential down-stream partners. Among them are the people who offer FIDO2-compatible solutions. Put together, we could come up with the two-factor authentications that are much more reliable than otherwise.
Post a Comment
Read more

‘Authenticators’ and ‘Deployment of Authenticators’

There are not a few security professionals who wrongly mix up the layer of ‘authenticators’ with that of ‘deployment of authenticators’, talking as though the former and the latter were competing each other, for example, ‘Multi-Factor Authentication is better than a password’ and ‘ID federation is better than a password’. The password is an ‘authenticator’. So are the token and biometrics. Whereas MFA and ID federation like FIDO and Open ID are ‘deployment of the authenticators’ Expanded Password System is to be found on the layer of 'authenticator', while the likes of Open ID and FIDO are all to be found on the upper layer of 'deployment of authenticators' and, as such, the likes of Open ID and FIDO could naturally be our down-stream partners. There are also some people who wrongly allege that removing an authenticator should increase security.   They are plainly misguided as examined here – “Removal of Passwords and Its Security Effect” https://www.linke...
Post a Comment
Read more

Robust 2-Channel Authentication

2 is larger than 1, but not necessarily stronger than 1. https://www.theregister.com/2020/07/20/twitter_security_update_hackers_broke_2fa/ By bringing in the concept of Expanded Password System, we are able to protect important accounts more reliably than conventional 2-factor/step authentications as outlined here – “Advanced Persistent Threats in Digital Identity” https://www.linkedin.com/pulse/advanced-persistent-threats-digital-identity-hitoshi-kokumai/ This is not a hypothesis. It has been quietly but effectively deployed since 2014 for a security-centric corporate network by 1,200 employees.   Needless to say, asymmetric cryptography could be additionally incorporated for yet higher security where needed.
Post a Comment
Read more