Possibility of Security Fiasco

We have periodically talked about the sorcery-like illogical arguments haunting the domain of identity assurance.

We now hardly see people who insist that the password can be displaced by two/multi-factor authentication or ID federation. The voices claiming that a PIN (a numbers-only weak password) can displace the password are now much quieter.

However, we know that there are still a lot of people who loudly allege that the password can be displaced by biometrics operated in cyberspace together with a fallback password.

Many of them are found at world-famous corporations like Microsoft, Apple and Google, and at a number of government agencies and financial institutions, in addition to the very vendors of biometric solutions. Most worryingly, not a few security experts appear to have opted to remain silent.

We wonder whether we will be able to prevent the security fiasco before it is too late.

Possibility of Security Fiasco

  1. User-Friendly or Criminal-Friendly - Possibility of Security Fiasco - Undue user-friendliness could often please criminals above all. Beware of biometrics operated in cyberspace together with a fallback password registered in case of false rejection. 11th January, 2016 Mnemonic Security, Inc., Japan/UK
  2. What is the issue? Biometric solutions deployed in cyberspace are generally operated together with a fallback password. When those solutions are offered explicitly as the tools for better convenience, there would be no problem at all. We could welcome them. If, however, offered explicitly as the tools for “better security”, we would need to worry a lot. It could well end up pleasing criminals through a false sense of security.
  3. What is the prospect? It is very worrying that “quasi-security solutions” that could please criminals are reportedly welcomed by a number of people at government agencies and financial institutions who need to be most security-conscious. The situation seems to be getting worse, with not a few security experts remaining silent and misguided media reporters adding fuel to the fire. We raise this theme yet again, expecting to help prevent the security fiasco. For more information, have a quick look at http://www.slideshare.net/HitoshiKokumai/password-dependent-passwordkiller-46151802 and http://www.slideshare.net/HitoshiKokumai/biometrics-false-sense-of-security Thank you
