Convenience is the Weakest Link in Security
Debesh Choudhury, PhD
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
You have a very secure lock and key. You can lock and unlock it just by waving one of your hands or blinking your eyes. It is fun and so convenient, so you need not worry at all. Now you install the same lock in every secret place of your property. Your property is fully safe under this 'hand-waving or eye-blinking lock and key'. You can now sleep in peace. But be careful. Convenience can be the weakest link in security.
Can you delegate the security responsibility to a deserving candidate and sleep in peace?
The prime minister delegates security matters to the home minister. So the prime minister need not attend personally to the country's security matters. One person, the home minister, would take care of everything regarding security. The prime minister can sleep (or do other work) in peace. But the reality is that the prime minister must review security matters himself/herself regularly.
Should you delegate the responsibility of securing your online identity to biometrics and sleep in peace?
Biometrics is so convenient to use. The promoters say "this is very secure". They urge you to throw away passwords and adopt biometrics as the only authenticating measure. But they still attach a text password/PIN as a fallback measure! Financial service providers are charmed into pilot-testing biometrics as a transaction-authenticating tool. And many of you provide 'positive feedback' because of its 'convenience' factor. Is convenience all that is required in security? Can you afford to sleep in peace with a convenient lock and key?
Should you buy 'convenience' at the cost of security to kill passwords?
Passwords seem insufficient, but passwords are not harmful. Biometrics is not sufficient: it still requires a text password/PIN as a fallback measure. But biometrics is harmful because of the spoofing problems induced by biometric data breaches and leaks. Should you kill passwords for the sake of convenience? It can result in a disastrous single point of failure. And if the promoters provoke you to attach text passwords as a fallback measure with biometrics, then the matter becomes a joke!
Is it worth buying 'convenience' at the cost of 'security'?
It is high time we thought about security matters cautiously. Killing passwords is easy, but getting the same level of security with a convenient system is just not possible. Can we afford to depend on a convenient but harmful system to take care of our online identity? The lure of convenience is not only hype; it is too dangerous to incorporate as the only authenticating measure.
I am a researcher and academician of electronics and applied photonics. My current research focuses on Privacy Protected Digital Identity. My friend Jose Munoz Mata and I are researching distributed ledger technology for decentralized digital identity and other real world applications.
In June 2015, Dr. Jeffrey Strickland and I founded a new LinkedIn Group called "The Unfluencers". To learn about the history of "The Unfluencers", please read the seminal LinkedIn article by Dr. Jeffrey Strickland entitled "Who are the Unfluencers". This group is an open group. You are welcome to join this group and engage yourself in the discussions. The Unfluencer Logo is a registered trademark of Dr. Jeffrey Strickland.
Text Copyright © 2019 Debesh Choudhury, All Rights Reserved
Advocate of Identity Assurance by Citizens' Volition and Memory. Founder and Chief Architect at Mnemonic Identity Solutions Limited
5 years ago
In general, convenience and security are in the trade-off relation. But this observation does not prevent us from finding the better position of fulcrum of the two opposing moments. It seems that we have got to the stage that we could start to talk about the better position of fulcrum for coming up with a well-thought convenience as against the poorly-thought convenience. By the latter, I mean the sort of convenience such as just putting our finger on a sensor or just looking into a camera, which could end up with getting us trapped in a tremendous inconvenience as the results of 'an extra vulnerability brought by the multi-entrance deployment with a fallback password' besides 'spoofing' and 'data leak'. Getting rid of the password altogether could bring a far bigger problem as the price of splendid convenience. By the former, I mean the attempt to shift the fulcrum in order to minimize the convenience offered to criminals while maintaining or desirably increasing the convenience offered to citizens.
Helping mid-sized organizations increase sales and improve customer service since 1993 | #LinkedInLocal
5 years ago
A Chinese facial recognition system in a Canadian food store? Yes it's convenient ... but will Canadian faces end up in some facial recognition database in China?
-----
SnapPay launched the facial recognition technology earlier this month, which it says will allow customers to quickly pay for goods using a snapshot of their face, minimizing the time spent at checkout. Customers will be able to submit a three-dimensional scan of their face and then link it to their payment account. When in store, a relatively quick scan of a customer’s face will process the payment. The technology was developed by SnapPay in Toronto, with some of the hardware coming from China, where facial recognition systems are more commonplace.
From: https://finance.yahoo.com/news/pay-with-your-face-coming-to-canada-not-everyone-on-board-142613931.html
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
5 years ago
Look out for an authentication system that can manage security in a more robust way, not in a 'convenient' way. For that matter, don't shy away from using a bit old-fashioned #passwordsecurity, .. because #securitybydesign matters over #convenience