Japan’s Flaky ID Card Scheme — What Lies at its Root?
“Fujitsu admits it fluffed the fix for Japan’s flaky ID card scheme” https://www.theregister.com/2023/06/30/fujitsu_japan_micjet_id_card_pause/
Being a Japanese identity guy, I feel pressed to say something about these embarrassing developments in identity assurance in Japan.
At the root of all those visible problems lies an invisible structural failure, that is, the overall system was conceived and designed by the people who are not just security-illiterate but science-illiterate.
Those who are indifferent to what is required for identification and for authentication.
Those who are indifferent to what a probabilistic factor means as against deterministic factors.
Those who are indifferent to the difference between two factors deployed in a two-layer/in-series formation and in a two-entrance/in-parallel formation.
In brief, those who adamantly deny the scientific observation that biometrics used with a default/fallback password in a two-entrance/in-parallel formation would only provide the overall identity security lower than a password-only authentication.
Those people are also the believers of a myth of PIN, that is, “PIN must be easier to remember than an alphanumeric password because it is simpler and shorter” — They seem to be just ignorant of ‘Interference of Memory’.
PIN may be easier to remember if we have to manage just one. But, what would happen when we are told to mange 2, 3, 4 and more? — Most citizens would have to rely on practicable, if very unsafe, solutions — “Reuse the same PIN across all the accounts” or “Write all PINs on a memo and carry it around with the cards requiring those PINs”. Or “Get a new PIN issued every time it is needed” to get the help desks overwhelmed.
The Japanese ID card system was conceived, designed, produced and implemented by those science-illiterate people. It would be a miracle if it worked nicely.
Ref: “In-Series’ vs ‘In-Parallel’ and Those Reputed Cybersecurity/Cryptography Professionals? “(6June2023)https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-7071783812686385152-6o-4
Well, I did try to help. But my offer of help was responded by the sheer silence of those people who knew that I flatly denied all their misbeliefs. I am now working from UK.
