Our password headache may well be the consequence of these dual causes — ‘Use of Impracticable Password’ and ‘Non-Use of Practicable Password’.
Everyone grumbles at the former, while few are fully aware of the latter.
For more about the latter, you could refer to this post – “Torturous login is history” https://www.linkedin.com/posts/hitoshikokumai_mnemonic-identity-solutions-activity-6815444973333434368-prkp
In the normal environment where secret credentials play a big role, bad guys who have a quantum computer at hand would still have to break the part of user authentication that is not dependent on the public-key scheme before accessing the target data. Quite a few cryptography-obsessed security people are often indifferent to this simple and plain observation.
Whether or not quantum computing makes progress as quickly as anticipated, solid digital identity with secret credentials will remain critical.
This is a follow-up to my earlier post “Threat Bigger than Quantum Computer”.
Taken up today is this TechRepublic report on voiceprint as a new password — https://www.techrepublic.com/article/your-voiceprint-could-be-your-new-password-as-companies-look-to-increase-security-for-remote-workers/
Instead of “Your voiceprint could be your new password as companies look to increase security for remote workers”, I would have put it as follows.
“Your voiceprint could be your second password as the second entrance for bringing down security as companies look to increase security for remote workers”
Biometrics does indeed provide a security advantage,
not to good citizens,
but to bad guys
as examined here — “Get graphs to talk the nature of probabilistic biometrics”
Biometrics is ‘probabilistic’ by nature since it measures unpredictably variable body features of living animals in ever changing environments.
– FAR and FRR are not independent variables; each depends on the other.
– The lower a FAR is, the higher the corresponding FRR is. The lower an FRR is, the higher the corresponding FAR is.
– When a FAR is close to 0 (zero), the corresponding FRR remains close to 1 (one). When an FRR is close to 0 (zero), the corresponding FAR remains close to 1 (one).
– The presence of False Rejection, however…
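The dependence between FAR and FRR listed above can be seen by sweeping a matcher's decision threshold over two sets of similarity scores. The following is an added example, not taken from the original posts or from any biometrics product; the score lists, the 0-100 scale and the function names are constructed for illustration.

```python
# Constructed similarity scores (0-100); not measurements from any real product.
GENUINE = [62, 70, 74, 78, 81, 84, 86, 89, 92, 95]    # rightful user's attempts
IMPOSTOR = [12, 20, 27, 33, 38, 44, 51, 57, 66, 73]   # other people's attempts


def far_frr(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when a sample is accepted if score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(thresholds=range(0, 101, 10)):
    """FAR and FRR at each threshold: a list of (threshold, FAR, FRR)."""
    return [(t, *far_frr(t)) for t in thresholds]


def is_tradeoff(curve):
    """True if raising the threshold never raises FAR and never lowers FRR."""
    pairs = list(zip(curve, curve[1:]))
    return all(b[1] <= a[1] and b[2] >= a[2] for a, b in pairs)


def equal_error_threshold(curve):
    """Threshold where FAR and FRR are closest (the equal error rate point)."""
    return min(curve, key=lambda row: abs(row[1] - row[2]))[0]


if __name__ == "__main__":
    curve = sweep()
    for t, far, frr in curve:
        print(f"threshold={t:3d}  FAR={far:.1f}  FRR={frr:.1f}")
    print("trade-off holds:", is_tradeoff(curve))
    print("equal error threshold:", equal_error_threshold(curve))
```

At the two ends of the sweep the constructed data gives FAR 1.0 with FRR 0.0 (threshold 0) and FAR 0.0 with FRR 1.0 (threshold 100); neither rate can be pushed down without the other going up.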
We today take up this report “NSA: We ‘don’t know when or even if’ a quantum computer will ever be able to break today’s public-key encryption” https://www.theregister.com/2021/09/01/nsa_quantum_computing_faq/
Conclusion of this report: “In a world where users will divulge their passwords in return for chocolate or in response to an enticing phishing email, the risk of quantum computers might not be our biggest threat.”
We’ve come up with a slide presentation for “Bring a healthy second life to your legacy password system”
“We do not have to replace or rebuild the existing text password systems for making use of episodic memory; images of our episodic memory can be turned into a high-entropy code with a simple tweak.”
Here is a video version with narration (16 minutes) — https://youtu.be/8UitS_hmCf8
And, this is a text version — https://www.slideshare.net/HitoshiKokumai/bring-healthy-second-life-to-legacy-password-system
For those interested in knowing more, we also published a comprehensive 3,000-word article on this subject on our website at https://www.mnemonicidentitysolutions.com/File/Bring%20Healthy%20Second%20Life%20to%20Legacy%20PW%20System.pdf
A graph below shows the False Acceptance Rates (FAR) and False Rejection Rates (FRR) of two biometrics products — one relatively more accurate and the other less accurate.
Think Digital Partners, UK, published our observation — https://www.thinkdigitalpartners.com/news/2021/08/25/why-the-password-isnt-an-enemy-of-people/
Discussed here are
“Password-less security is to cyber security what army-less defence is to national defence”
“Biometrics is to password what back door is to front door”
“Non-text secret credentials”
“Bring a healthy second life to legacy password systems”
Observation 1: “Voice ID technology is dramatically cutting fraud in banking”, as claimed in this article. https://www.thinkdigitalpartners.com/news/2021/08/18/biometrics-finding-its-voice/
Observation 2: Biometrics brings down identity security, as examined in this post — “Step-by-Step Analysis of Why and How Biometrics Brings Down Security”
This conflict will be quickly sorted out if we assume that cases of bank fraud are dramatically cut by the other security measures implemented along with voice biometrics.
If ‘the other security measures’ had been implemented on their own without involving security-lowering voice biometrics, cases of bank fraud could well have been cut even more dramatically.
Probabilistic Nature of Biometrics
I take up this report today — “SBI suggests 8 ways in which you can create an unbreakable password” https://www.livemint.com/money/personal-finance/sbi-suggests-8-ways-in-which-you-can-create-an-unbreakable-password-11629343136710.html
Unbreakable passwords such as those suggested in the link are not easy for humans to remember and recall, and in many cases would be written down on a memo and carried around.
At that moment, the unbreakable password has ceased to be ‘what we know/remember’ and has turned into no more than ‘what we possess’.
Furthermore, typing such meaningless passwords is stressful and painful.
Can we be comfortable?
Why not consider ‘Non-Text’ secret credentials?