Hitoshi Kokumai

3 months ago · 2 min. reading time · visibility ~10 ·

chat Contact the author

thumb_up Relevant message Comment

Step-by-Step Analysis of Why and How Biometrics Brings Down Security

FRR (False Rejection Rages)


False Acceptance Rates and False Rejection Rates






38 (Equa ror Rates)

(more accurate)



00 100 ar 100 10
FAR (Fale Accegtarce Rates)

This is a follow-up of my earlier post – “Reality that so many security experts opt to not speak” 

  1. Biometrics is probabilistic; it measures unpredictably variable body features of living animals in ever changing environments.
  2. Therefore, biometrics does not escape the trade-off between False Acceptance (False Match/False Positive) and False Rejection (False Non-Match/False Negative), outline of which is shown in the graphs above.
  3. The presence of False Rejection forces a fallback measure to be pr-provided in case the correct user gets rejected. 
  4. Biometrics and a fallback measure need to be used together in a ‘multi-entrance’ deployment, as against a ‘multi-layer’ deployment.  The former increases the attack surface (= brings down defense), while the latter decreases it (=brings up defense).
  5. Unless a default password/PIN is invalidated not to work as a fallback measure (with availability sacrificed), the overall security is lower than that of the default password/PIN used on its own.

As such, it is not that biometrics is not so secure as it claims to be, but that biometrics destroys the defense which a default password/PIN has otherwise provided.


Worry about a backdoor?


Key References 

 “What we need to do for NOT achieving Solid Digital Identity”

Removal of Passwords and Its Security Effect 

Negative Security Effect of Biometrics Deployed in Cyberspace

External Body Features Viewed as ‘What We Are’


Distracted “A

Additional References

For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)

What We Know for Certain about Authentication Factors

Digital Identity for Global Citizens
 Image-to-Code Conversion by Expanded Password System

Summary and Brief History - Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Account Recovery with Expanded Password System 

 History, Current Status and Future Scenarios of Expanded Password System 

Availability-First Approach 

Update: Questions and Answers - Expanded Password System and Related Issues 


“Expanded Password System

wane = Only I can select all of
BS] them correctly

Broader choices with both images and characters accepted






Easy to manage relenons between accounts and corresponding passwords.


Torturous login is history. Login is now comfortable, relaxing and healing



 < Videos on YouTube>

Slide: Outline of Expanded Password System (3minutes 2seconds)

Digital Identity for Global Citizens (10minutes - narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space - "below-one" factor authentication

Secret Credenti



Episodic Memory
thumb_up Relevant message Comment

More articles from Hitoshi Kokumai

View blog
4 hours ago · 3 min. reading time
Hitoshi Kokumai

Larger Attack Surface on User’s Device

I today take up this The Register report - “Client ...

1 week ago · 2 min. reading time
Hitoshi Kokumai

Nonpredictable Passwords Carried Around on Memo

I got interested in this article -on the password ...

3 weeks ago · 2 min. reading time
Hitoshi Kokumai

Password Manager or Expanded Password System

“Expanded Password System is no bad, but we do not ...