Role of Secret Credential is Missing in This Report
I owe this report on ‘decentralized identities for the next generation of the internet’ to Bianca Lopes’ Data Game newsletter — https://www.linkedin.com/pulse/data-game-second-edition-bianca-lopes/
Missing in this report is the critical role of a secret credential, usually a password.
- A key authenticates the lock. A lock authenticates the key.
- However sophisticated it may look with an advanced mechanism (or clever cryptography), a key is prone to theft and abuse.
- What can authenticate the person who is now holding the key?
Whether centralised or decentralised, a solid digital identity would be a pipe dream if the authentication scheme comes without a solid secret credential that enables citizens to give a firm answer to the question ‘Is this person who they claim to be?’.
The conventional text password made a valid secret credential many decades ago, but it is no longer good enough. (Beware! ‘Not good/helpful enough’ is NOT the same as ‘bad/harmful’.)
We propose that we make use of our own non-volatile episodic memory as the seed of a solid secret credential. Have a glance at Page 6 of this explanatory slide with scripts: “Fend Off Cybercrime with Episodic Memory” https://www.slideshare.net/HitoshiKokumai/slide-share-updated-fend-off-cybercrime-with-episodic-memory-29aug2022
Interested in the security effect of removing the password? Then visit this blog collection on the subject: “LOSS of Security Taken for GAIN of Security” https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
Digital identity blogs collected at https://www.linkedin.com/pulse/collection-digital-identity-comments-hitoshi-kokumai-posted-kokumai/