Some More Topics on Digital Identity #8–2

Hitoshi Kokumai
2 min readJan 10, 2023

Let me try a breakdown of the passwordless concept.

(1) Password-less + nothing else; the least secure

(2) Password-less + something else; securer than (1)

(3) Password + something else: here is the point of arguments

By our criteria, the security increases from 1 to 3. However, by the “passwordless” folks’ criteria, the security of (2) is viewed as higher than (3), presumably because an attack surface of the password is removed in (2) whereas there is an attack surface on the password in (3).

Well, let me try the same for “token-less” login.

(1) Token-less + nothing else; the least secure

(2) Token-less + something else; securer than (1)

(3) Token + something else: here is the point of arguments

By our criteria, the security increases from 1 to 3. However, by the “passwordless” folks’ criteria, the security of (2) should be viewed as higher than (3) because an attack surface of the token is removed in (2) whereas there is an attack surface on the token in (3).

Did you find it fun or very worrying?

Ref: “I support Passwordless Authentication where Convenience Matters More than Security”

https://www.linkedin.com/posts/hitoshikokumai_democracy-privacy-ethics-activity-6994861022486421504-GFE9

………………

As an appendix to the series of ‘Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #1 — #19’, I am discussing some more topics on digital identity. It may well tell much more about the very broad scope of our activity

*P32 of “Fend Off Cybercrime with Episodic Memory”

https://www.slideshare.net/HitoshiKokumai/slide-share-updated-fend-off-cybercrime-with-episodic-memory-29aug2022

Video: https://drive.google.com/file/d/1FEYKjBOEVXVEljRt2_nu1uSXvtUNN73Q/view

/

--

--

Hitoshi Kokumai

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.