Absence of Wrongly-Configured MFA Helps Identity Security

Hitoshi Kokumai
2 min readDec 16, 2023

--

theregister.com

“Money-grubbing crooks abuse OAuth — and baffling absence of MFA — to do financial crimes” https://www.theregister.com/2023/12/14/moneygrubbing_crooks_abuse_oauth_apps/

It’s amazing that so many security professionals and tech reporters are so ignorant of or indifferent to the opposite security effects of MFA configured in a multi-layer formation and in a multi-entrance formation — Absence of wrongly-configured MFA would help identity security

As we have repeatedly proven, a 2FA made of a deterministic password/pin and a deterministic physical token, PKI-powered or otherwise, that is configured in 2-layer formation, naturally increases the identity security significantly. On the other hand, an MFA which involves probabilistic biometrics and configured in 2-entrance formation inevitably destroys the identity security (*1)

Then, what can we do? — Our suggestion is simple.

1. If you do not involve biometrics in your MFA schemes, you could ignore all that I mentioned about MFA.

2. If you involve probabilistic biometrics in your MFA schemes, you could remove the biometrics altogether and go back to the solid 2FA made of a deterministic password and a deterministic physical token. Then you are out of the quagmire of MFA.

3. In any case, should you be interested to get yourself, your colleagues, employees and clients relieved from the password headache, you could have a glance at our writing on ‘Image-to-Code Converter (*2) and its application as a leak-proof password manager *3)

*1 “Why We Cannot find 3FA Deployed in 3-Layer Formation?” (3Dec2023) https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-7136923578544885760-ksPp

*2 “What ‘Image-to-Code Converter’ Offers to Global Population” (27Oct2023)https://www.linkedin.com/posts/hitoshikokumai_image-to-code-converter-31july2023pptx-activity-7123566445531189248-oIxA

* 3 “Release of Beta Mnemonic Gateways” (13Dec2023) https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-7140519698529464320-saOM

Kick out the falsehood of biometrics-involved MFA and you will be able to focus on the truly effective identity security solutions.

--

--

Hitoshi Kokumai

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.