Identity Assurance — Sufficient and Necessary Conditions

It is not easy to define the ‘sufficient condition’ for describing a set of processes used to establish that a natural person is real, unique, and identifiable; criminals keep coming up with hitherto unknown weapons to compromise the said processes.

But we are easily able to define the ‘necessary condition’; it is that the ‘secret credential’, i.e., the likes of passwords, is absolutely indispensable for the processes to stay reliable, without which identity assurance would be a disaster.

Using another authenticator together with the secret credential does not automatically bring a higher security; The positive security effects of using two authenticators in ‘two-layer’ deployment is obvious, whereas the negative security effect of using two authenticators in’ two-entrance’ deployment is also obvious.

Click the link for more https://www.linkedin.com/pulse/identity-assurance-sufficient-necessary-conditions-hitoshi-kokumai/