Finished the promo video for my ebook “Proving Humanity: The Six Factors of Identity Verification and Authentication.”
Learn more at: https://bredemarket.com/proving-humanity-book/
Purchase My New Ebook On the Six Factors of Identity Verification and Authentication
I revealed a few days ago that I’ve been writing an ebook since last December. I finally finished it and priced it—not at $100,000 per copy, but at a much more reasonable $4.96.
The topic? Proving humanity.
Despite the ever-increasing number of bots, I value humanity and think that a human brings something that a bot never could.
But before we stop relying on bots and start relying on humans, we need to know whether those humans are real, or if they are bots themselves.
To do this, we have to know who those humans are.
And we perform this via identity verification and authentication.
My ebook addresses this. It’s called “Proving Humanity: The Six Factors of Identity Verification and Authentication.”
And yes, I said SIX factors. Read the book.
To learn more about the book, visit my information page.
Or go directly to my Gumroad page and buy the book for the aforementioned $4.96 price.
Factors Are Independent
One important thing about factors is that they are independent of each other.
The fact that a person has a particular password bears no relation to the fact that a person has a particular fingerprint ridge structure.
And even modalities within a factor may be independent of each other. When Motorola sold its Biometric Business Unit to Safran in 2009, I joined a company (MorphoTrak) that promoted three biometric modalities: finger, face, and iris. While all three biometrics came from the same person, there was no relationship between any of them. Knowing a person’s right forefinger did not tell you what the person’s iris was like. (But beware: driver’s licenses and passports share information, such as dates of birth.)
If you have a critical security issue, you don’t want to depend upon just one factor, or one modality.
Double or triple them up by requiring multiple identity verifications and authentications with unrelated modalities and factors.
Learn more about the six identity factors
Six identity factors. One Bredemarket ebook. Total identity protection. Purchase “Proving Humanity: The Six Factors of Identity Verification and Authentication.”
Why Are Identity Verification and Authentication Critically Important?
Imagine if we didn’t have identity verification and authentication.
I could walk into a luxury car dealership and buy a car, telling the salesperson that my name is Bill Gates. I could buy the car, and Gates would get the bill.
Sounds great…until someone impersonates YOU and gets YOUR money.
Learn more about the six identity factors
Six identity factors. One Bredemarket ebook. Total identity protection. Purchase “Proving Humanity: The Six Factors of Identity Verification and Authentication.”
Ask the Right Question
If you are asking “how do I use [COOL AI TOOL]”…
…you’re asking the wrong question.
Ask how you will solve a particular business problem.
Maybe you will use AI.
Maybe you won’t.
Maybe you will use Bredemarket.
Master Keys for Fingerprints and Voices
I swear I’ve written about “MasterPrints” before, but I can’t find any such article. Maybe I just discussed it internally at IDEMIA when I worked there in 2018.
“Generative adversarial network produces a “universal fingerprint” that will unlock many smartphones“
“Researchers at NYU and U Michigan have published a paper explaining how they used a pair of machine-learning systems to develop a “universal fingerprint” that can fool the lowest-security fingerprint sensors 76% of the time (it is less effective against higher-security sensors).
“The researchers used “generative adversarial networks” (GAN) to develop their attack: this technique uses a pair of machine learning systems, a “generator” which tries to fool a “discriminator,” to produce a kind of dialectical back-and-forth in that creates fakes that are harder and harder to detect.”
While this happened over seven years ago and is probably harder to implement with today’s technology, I was reminded of this when I ran across this Biometric Update article.
“Voice morphing attack blends identities to bypass voice biometrics: study“
“A new research paper explores a signal-level approach to voice morphing attacks that exposes vulnerabilities in biometric voice recognition systems.
“The abstract describes Time-domain Voice Identity Morphing (TD-VIM) as “a novel approach for voice-based biometric morphing” which “enables the blending of voice characteristics from two distinct identities at the signal level.” TD-VIM allows for seamless voice morphing directly in the time domain, allowing “identity blending without any embeddings from the backbone, or reference text.””
So it, um, sounds like we not only have MasterPrints, but also MasterVoices.
Ideal Bot Profile?
While I’m currently concentrating on HUMAN identities (book on the way), the world is moving in a different direction.
“Everyone (I think?) agrees that defining your ICP (Ideal Customer Profile) is important….
“But there’s an assumption baked into all of this: Your user is human. I think that assumption is breaking.
“As agents begin to interact with products on our behalf – often via protocols like Model Context Protocol (MCP) – your ‘user’ may never actually touch your product.
“Which changes pretty much everything.”
Verna highlights how to market when your ideal “customer” is a bot, and what the bots look for.
“[Other products] will become almost entirely invisible. They exist as infrastructure. As a codified set of rules that is hard to reproduce. They are never opened directly, never explored, never ‘used’ in the traditional sense. They are just… there, powering outcomes. And you know what, I think most of the B2B will fall here.”
So I’m definitely concentrating on people for the next few days, but I haven’t forgotten my bot buddies.
How to Figure Out Someone’s Mother’s Maiden Name
Something you know…and that someone else knows. It can happen.
Many systems require more than one knowledge-based modality, which is why they sometimes ask for other things like your mother’s maiden name.
This of course is not foolproof. Your sister that hates your guts, for example, obviously knows your mother’s maiden name. And even complete strangers, especially those with nefarious intent, can deduce your personal information.
Let me introduce you to Doug.
How Doug learned Donna’s mother’s maiden name…and more
Assume that Doug wants to hack Donna’s account but needs some personal information to do so. This is somewhat tough, since Donna’s Facebook account is private and can only be seen by her friends. Well, Doug knows that Belle is a friend of Donna’s, and Belle’s Facebook password is “password1.” Problem solved.
Doug uses Belle’s account to read Donna’s posts and finds some remarkably interesting ones. Not that she’s posting her Social Security Number or anything, but what did she post?
- “Happy birthday to my mom!” (This particular post was loved by Jane Davis, who wrote “Thank you dear daughter.”)
- “Happy 30th birthday to me!”
- “Hey, look at this picture of my new driver’s license. My picture actually looks halfway decent.”
- “Hey, look at this picture of my senior citizen bus pass. Yeah, I’m old.”
- “I cried when I looked at this old picture of my dog Scamper, taken in front of my childhood home on Mulberry Street.”
If you’re keeping score at home, Doug now knows the following information about Donna:
- Her mother’s maiden name.
- Her date of birth (from her birthday post and her driver’s license picture; her senior citizen’s bus pass doesn’t have her birthdate but does have her birthday).
- Her driver’s license number.
- The name of her favorite pet.
- The name of the street she lived on as a child.
More than enough for Doug to impersonate Donna.
Learn more about the six identity factors
Six identity factors. One Bredemarket ebook. Total identity protection. Purchase “Proving Humanity: The Six Factors of Identity Verification and Authentication.”
Types of Knowledge-Based Modalities
Something you know.
We know a lot of things, we can tell the system the things we know, and the system can confirm that the person accessing the system knows these same things.
Here are a few examples of knowledge-based information:
- Passwords.
- Personal Identification Numbers (PINs).
- Social Security Numbers.
- Driver’s License Numbers.
- Dates of Birth.
- Employee IDs.
- Mother’s maiden name.
- Name of your favorite pet.
- Name of the street you lived on as a child.
Some of these pieces of personally identifiable information (PII) are more commonly known than others. The, um, secret is to choose a piece of knowledge that ONLY YOU know.
But remember: anything that you know is potentially known by others.
Learn more about the six identity factors
Six identity factors. One Bredemarket ebook. Total identity protection. Purchase “Proving Humanity: The Six Factors of Identity Verification and Authentication.”
Why Identity/Biometric Product Marketers Should Target Organizations Instead of Enterprises
Since I am not really a business-to-consumer guy, I tend to think of hungry people (target audiences) who number in the hundreds or thousands rather than millions. For example, if you want to sell your identity/biometric solutions to banks with total assets of over US$100 billion, there are only about 100 of them.
Marketing products in this environment requires a completely different mindset. Rather than hiring a Kardashian or Jenner as your influencer or spokesperson, you’d hire a Buffett. (If you could. You probably can’t, unless he owns the company.)
Therefore you need to concentrate on the players who make buying decisions, from the CxO level down to the users. That is the way to get your product into the enterprise.
But if enterprise penetration is your goal, you’re doomed to failure.
Why an enterprise-only strategy will fail
For example, enterprises usually don’t buy automated biometric identification systems. Government agencies do.
Believe me, I know. Many identity/biometric firms sell to the U.S. Department of Homeland Security, and their orders have been disrupted on and off since last October.
One acronym that I love to use is B2G—business-to-government. But I’ve learned the hard way that many people have never heard this acronym before. (Scan the job descriptions and spot the ones for marketing to government agencies that require “B2B” experience.)
So Bredemarket doesn’t seek clients that only sell to enterprises. I seek those that sell to organizations, both private and public.
If your identity/biometric or technology company markets products to organizations and you need strategic and tactical assistance, talk go Bredemarket.
Bredemarket 