Identity or Access: What Does Your Security Verify?

Passwords have been around since computers were created.  But what do they measure?  In a perfect world, the only person accessing information should only be the person who is authorized to access it.  In other words, you hope that your security system is verifying the identity of the user.

However, the very nature of passwords prevent true identity assurance.  In essence, they only verify the “access authority” of the person.  A password is much like a house key.  Anyone with your username and password can access everything you are trying to protect.

Human identification can never be reflected by WHAT you know (passwords), WHAT you have (key fob, two-factor) or WHAT you are (biometric) simply because it is a form of static credential that can be shared or copied. A novel method of proving a person’s Identity can be discriminated by HOW the person “knows” what they know.

HOW is a complex, unique, dynamic intellectual process possessed by each individual – a process that is resistant to human impersonation. Properly implemented and layered in a network, this method eliminates the access breach/vulnerabilities inherent in all forms of static credentials.

The password does not guarantee that only you have access.  It is simply a key that can be used by anyone.  We call username/password combinations “static credentials.”  Anyone could write them down on a sticky note, hand them to a friend, giving that friend full access, much like that house key.

Biometrics are not that much better.  Fingerprint and iris scans are stored as basically static credentials.  A person with access to these digital keys has the same access as you do.

Identity assurance can only be achieved when you go from static credentials to dynamic credentials tied directly to a person.

NimbusID uses the AIRiD method of identity assurance. The cognitive ability to “Associate and Interpret what you Recognize,” is similar to a a fingerprint, except this method comes in the form of a Cognitive ID, and is almost impossible to duplicate. Basically, this model uses a person’s unique connections between events and things to create a dynamic credential. Learn more here or watch the 5-minute video.

Today, static credentials are being traded on the dark web as currency.  Identity assurance plugs this hole in your security strategy, reducing your legal and reputational risks in today’s online world.

About the author: Eric Spellman