‘Password-less Authentication’ and ‘Biometrics as a Password-Killer’ These are two of the major distracters in digital identity, which have been absorbing the people’s attention and deflecting them from focusing on the truly valid digital identity solutions. < Link > *1 Biometrics in Cyber Space - "below-one" factor authentication https://youtu.be/wuhB5vxKYlg *2 How risk-based authentication has become an essential security tool https://www.csoonline.com/article/3271134/how-risk-based-authentication-has-become-an-essential-security-tool.html *3 Departure from Text Passwords https://www.paymentsjournal.com/departure-from-text-passwords/ *4 Caveat on Risk Based Authentication https://www.slideshare.net/secret/iOUZflQp5l6A8r

1. Distracters in Digital Identity
‘Password-less Authentication’ and ‘Biometrics as a Password-Killer’ – We
have been repeatedly taking them up as two of the major distracters in
digital identity. These two unfounded allegations have been absorbing the
people’s attention and deflecting them from focusing on the truly valid
digital identity solutions.
Something detrimental should be removed, whereas something insufficient
could be supplemented and enhanced. Mixing up the former and the latter,
we would witness a very queer situation in which something detrimental is
enhanced and something insufficient is removed.
In physical space, nobody dare to allege that a lock/key system used for our
homes is insufficient and therefore should be removed altogether for higher
home security. Every one of us agrees that the weak lock/key system should
be supplemented and enhanced by adding something else.
In cyberspace, however, there are people who allege that something
insufficient should be removed for achieving higher security. That is
“Password-less authentication”. With the password removed, the identity
authentication would become much more convenient indeed. Sadly, not just
for us but also for criminals.
“Password-less authentication” has an even more grave problem; it could
mean “Will/Volition-less” authentication, which is not consistent with the
values of democracy. We would see a 1984-like dystopia where our identity
authentication is completed without our knowledge or against our will.
The myth of ‘Biometrics as Password-Killer’ would be killed in 2 minutes
with this video (*1)

2. We have recently come to notice a wrong interpretation (*2) of Risk Based
Authentication (RBA) as another distracter in digital identity, though not as
bad as the two hypes abovementioned.
There is nothing wrong with the RBA itself. The distracter is a
‘misunderstood RBA’. A correctly understood RBA could be effectively
deployed with Expanded Password System (*3), which is in the stage of Draft
Proposal at OASIS Open Projects, where the sort of balance between security
and convenience is preferred. Just in case we offer a caveat on the
‘misunderstood RBA’here (*4)
< Hyperlink >
*1 Biometrics in Cyber Space - "below-one" factor authentication
https://youtu.be/wuhB5vxKYlg
*2 How risk-based authentication has become an essential security tool
https://www.csoonline.com/article/3271134/how-risk-based-authentication-has-become-
an-essential-security-tool.html
*3 Departure from Text Passwords
https://www.paymentsjournal.com/departure-from-text-passwords/
*4 Caveat on Risk Based Authentication
https://www.slideshare.net/secret/iOUZflQp5l6A8r