Dementia and Authentication
“Your solution, Expanded Password System, has a big drawback of being useless for the authentication of people with advanced dementia.” — This is what I kept hearing over 20 years, mostly from the people who promote passwordless and biometric authentication schemes.
“When people become unable to recognise the unforgettable images of their episodic memory that they had volitionally registered as login credentials, it is probably the time that guardianship should be considered for them. While it’s possible to get them ‘identified’, getting them ‘authenticated’ should be viewed as a crime in a democratic society”. — This is what I kept answering over the 20 years.
The issue of ‘identification vs authentication’ emerged again from this post — “Latest News on Follow-Up with ENISA” https://www.linkedin.com/posts/hitoshikokumai_democracy-privacy-ethics-activity-6960063503529373697-xjfJ
In response to a comment asking “how many distinguish ‘authentication’ vs ‘identification’? Having a vested interest does not make those people right”,
I mentioned “There may be two groups of security professionals -
(a) those who unknowingly mix up identification and authentication, and push themselves into a cognitive pitfall,
(b) those who knowingly mix up the two and sell the product designed for identification to the people who need the solutions for authentication.
The effect of “Not Distinguish ‘Identify’ and ‘Authenticate’” on the public is the same in both cases, though” — a widespread false sense of security.
Digital identity blogs collected at https://www.linkedin.com/pulse/collection-digital-identity-comments-hitoshi-kokumai-posted-kokumai/