by petschge
2437 days ago
Nope, they are quite different exactly because "something you are" is attached to you and "something you have" is not. One can be swapped out if compromised or get lost. The other can not (intentionally or unintentionally) be replaced, but -- because it is something biological -- undergoes slow changes over time. These differences are sufficiently large that it makes sense to split it into two categories when modeling the whole system from a security -- or usability -- standpoint.

And can be compromised without theft, coercion or any other trace.
> One can be swapped out if compromised or get lost.
Which makes something you are strictly worse than something you have.
> undergoes slow changes over time
You are lacking an argument for anything attached to this point.
> ...it makes sense to split it into two categories
So you are arguing that because something is strictly worse from a security standpoint, it should be categorised as a new category? Have I summed up your position correctly?
There are usability benefits which would exist similarly by attaching something which couldn't be easily compromised to your body. For example, a chip under your skin or just carrying a watch on your wrist which you could authenticate with after putting it on and which would un-authenticate automatically when it is taken off. Nobody would argue that you are your chip or your watch.
Something you know is different because there are no plausible ways aside from coercion and similar for extracting such secrets in idle, and the other alternative is to get compromised on usage. It's about the threat models.