Ditching the Password, or Ditching Security and Democracy?
Let me try to dissect where, why and how so many people have been misguided into assuming that they could achieve better identity security by ‘ditching/removing/eliminating/killing’ the password (the secret credential) altogether.
Let’s first examine this proposition: “The smaller the attack surface of an authentication factor, the less vulnerable the identity assurance.”
It appears that both we and they agree with it. Our solution is in fact designed to achieve this objective most effectively.
What about the next proposition? “Identity assurance would be least vulnerable if we reduced the attack surface to absolute zero.”
Both they and we may well agree that it would be very nice if we could achieve that.
Well, what about the third proposition? “Overall security would increase if we removed the attack surface of the password by ditching the password altogether.”
Presumably, this is where we and they part ways.
We hold that this proposition is invalid unless it is possible to remove the attack surface without also losing the defence surface that the password provides.
Some people, who may have big voices in the cybersecurity trade, seem to have deemed it valid and jumped on it.
This misperception spread very quickly among people who wanted a quick and simple fix for one of the worst headaches of the cyber business: “We had to rely on the trio of password, PKI-powered token and biometrics and got poor security; now we can rely on the duo of PKI-powered token and biometrics and get better security. Really quick and simple. Just ditch the password. That’s all.”
Obviously, the same logic could be applied to the removal of the token, which has its own attack surface, one part of which is physical theft. Mysteriously, though, they seem to show no interest in giving this observation any thought.
With their voices growing louder and louder, we now have to ask: “Would you be happy to weaken the defence of democratic nations from within while dreadful adversaries are attacking our defence line?”
Should any of you have a different dissection of this awkward situation, please let me know. It will be very much appreciated.
Ref: “Attack Surface and Defence Surface Visually Explained”
and “Your Problem that You Speak Up” https://www.linkedin.com/posts/hitoshikokumai_democracy-privacy-ethics-activity-6935117823224487936--0TE