Web Blog_blogentry_040417_1


Nishant Kaushik [1]

"What that means is that after sending her through a strong Identity Proofing process (like in the banking example above), part of what came out of it is a weak authentication credential. The strength and rigor of those credentials have nothing at all to do with the strength and rigor of the process that was used to establish them. In other words, there is absolutely no correlation between the assurance of the identity and the assurance of the authentication. We simply cannot solve our security woes without addressing this mismatch."

What I believe he is implying is that, regardless of the Identity Proofing during the Credential Enrollment, there is a "weak" credential issued and/or there is a weak assurance between the credential and the Authenticator.
Or are they the same? They do have the same outcomes. That is, a weak credential or a weak connection between the credential and the Authenticator.

I know that at a bank I use, the only Authentication Method that I can use is password-based.
