Advocate of Identity Assurance by Citizens' Volition and Memory. Founder and Chief Architect at Mnemonic Identity Solutions Limited
< What can ‘probabilistic authenticators’ achieve in cyberspace? > A big question is often missing in the discussions about the deterministic authenticators (passwords/PIN and tokens) and probabilistic authenticators (biometrics); Are the users to blame when the login fails?’ Where the rejected users are solely to blame, their login would be justifiably denied. On the other hand, where the rejected users are not solely to blame, they should be given a fallback measure with which they can access what they must be able to access. In cyberspace, passwords/PINs are the fallback measures for the self-rescue in most cases. Where biometrics is used together with a default/fallback password/PIN in a ‘multi-entrance’ deployment, we will see the security getting brought down to the level lower than a password/PIN-only authentication. It is, as it were, a below-one factor authentication. This is what the probabilistic biometrics achieves in cyber space. Criminals will benefit. https://lnkd.in/fb65Ddq #identity #authentication #password #security #biometrics #ethic #privacy #democracy #emergency #disaster #panic #defense #government #pandemic #teleworking
Antoine Lawandos
4 年
Hitoshi Kokumai, Continue spreading awareness because techillusionists will continue to spread false sense of everything including of security. Techillusionists only care for their short term self centred interests, they are not driven by the ethics you ask about in your post, they will try to mislead anyone if this can help them achieve their sales quota for the quarter, or anything that can serve their own goals, regardless of the harms they may inflict to the community. Unfortunately, they get quite numerous nowadays, and when they are empowered they can intoxicate everything
-
4 年I agree here. Multi-entrance systems, just like in physical applications, make for less overall security AND increase the cost of developing, maintaining, and protecting the system, etc. If multi-entrance must be done, each reason for the entrance should be justified, documented, and tracked for future improvement -- and - each should be multi-factor where possible.