identity – Page 7 – Bredemarket

How Many Authentication Factor Types Are There?

(Imagen 4)

An authentication factor is a discrete method of authenticating yourself. Each factor is a distinct category.

For example, authenticating with fingerprint biometrics and authenticating with facial image biometrics are both the same factor type, because they both involve “something you are.”

But how many factors are there?

Three factors of authentication

There are some people who argue that there are only really three authentication factors:

Something you know, such as a password, or a personal identification number (PIN), or your mother’s maiden name.
Something you have, such as a driver’s license, passport, or hardware or software token.
Something you are, such as the aforementioned fingerprint and facial image, plus others such as iris, voice, vein, DNA, and behavioral biometrics such as gait.

Five factors of authentication, not three

I argue that there are more than three.

Something you do, such as super-secret swiping patterns to unlock a device.
Somewhere you are, or geolocation.

For some of us, these are the five standard authentication factors. And they can also function for identity verification.

Six factors of authentication, not five

But I’ve postulated that there is one more.

Somewhat you why, or a measure of intent and reasonableness.

For example, take a person with a particular password, ID card, biometric, action, and geolocation (the five factors). Sometimes this person may deserve access, sometimes they may not.

The person may deserve access if they are an employee and arrive at the location during working hours.
That same person may deserve access if they were fired and are returning a company computer. (But wouldn’t their ID card and biometric access have already been revoked if they were fired? Sometimes…sometimes not.)
That same person may NOT deserve access if they were fired and they’re heading straight for their former boss’ personal HR file.

Or maybe just five factors of authentication

Now not everyone agrees that this sixth factor of authentication is truly a factor. If “not everyone” means no one, and I’m the only person blabbering about it.

So while I still work on evangelizing the sixth factor, use the partially accepted notion that there are five factors.

When Social Platforms Convert Users Into Identity Verification Salespeople

(Imagen 4)

(Author’s preface: I was originally going to schedule this post for the middle of next week. But by the time I wrote it, the end of the post referenced a current event of astronomical proportions. Since said current event may be forgotten by the middle of next week, I am publishing it now.)

As a proponent of identity verification and a biometric product marketing expert I should like this…but I don’t.

I got the message and the message is clear

You get a message on a platform from someone you don’t know. The message may look something like this:

“John ,

“I hope this message finds you well. I came across your profile and was truly impressed by your background. While I’m not a recruiter, I’m assisting in connecting talented professionals with a startup that is working on a unique initiative.

“Given your experience, I believe you could be a fantastic fit for their senior consultant role. If you’re open to exploring this opportunity, I’d be happy to share more details and introduce you to the team directly. Please let me know if you’re interested!”

Let’s count the red flags in this message, which is one I actually received on May 30 from someone named David Joseph:

The author was truly impressed by my background, but didn’t cite any specifics about my background that impressed them. This exact same message could be sent to a biometric product marketing expert, a nuclear physicist, or a store cashier.
The author is not a recruiter, but a connector who will presumably pass me on to someone else. Why doesn’t the “someone else” contact me directly?
The whole unidentified startup working on a unique initiative story. Yes, some companies operate as stealth firms before revealing their corporate identity. Amway. Prinerica. Countless MLMs with bad reputations. Trust me, these initiatives are not unique.
That senior consultant title. Not junior consultant. Senior consultant. To make that envelope stuffing role even more prestigious.

I got the note and the note is even clearer

But I wasn’t really concerned with the message. I get these messages all the time.

So what concerned me?

The note attached to the message by the platform that hosted the message.

“Don’t know David? Ask David to verify their profile information before responding for added security.”

The platform, if you haven’t already guessed, is LinkedIn, the message a LinkedIn InMail.

Let’s follow the trail.

LinkedIn let “David” use the platform without verifying his identity or verifying that Randstad is truly his employer as his profile states.
LinkedIn sold “David” a bunch of InMail credits so that he could privately share this unique opportunity.
Now LinkedIn wants me to do its dirty work and say, “Hey David, why don’t you verify your profile?”

Now the one thing in LinkedIn’s favor is that LinkedIn—unlike Meta—lets its users verify their profiles for free. Meta charges you for this.

But again, why should I do LinkedIn’s dirty work?

Why doesn’t LinkedIn prevent users from sending InMails unless their profiles are verified?

The answer: LinkedIn makes a ton of money selling InMails to people without verified profiles. And thus makes money off questionable businesspeople and outright scammers.

Instead of locking down the platform and preventing scammers from joining the platform in the first place.

It’s like LinkedIn openly embraces scammers.

And everyone knows it.

I Hate Scam Texts

I never saw the text this person received, but you can tell that it claimed to be from McAfee (it wasn’t) and demanded urgent action, presumably asking the recipient to enter PII including financial information.

Scumbags.

Bredemarket Identity Firm Services on LinkedIn

http://www.linkedin.com/showcase/bredemarket-identity-firm-services/

For Identity/Biometric Marketing Leaders Only (July 2025 version)

For identity/biometric marketing leaders only!

Make an impact with the biometric product marketing expert.

Bredemarket’s biometric product marketing expertise: https://bredemarket.com/bpme/

Biometric product marketing expert

Biometric product marketing expert.

Discuss your content-proposal-analysis needs with me before your competitors steal your prospects: https://bredemarket.com/mark/

Stop losing prospects! Use Bredemarket content for tech marketers

Content for tech marketers.

(New landing page.)

Agentic AI NPEs, Ephemeral and Non-Individual

People are people, and why should it be that non-person entities (NPEs) are treated the same? The girl is NOT the robot.

Non-static

In a June 30 LinkedIn post, Eric Olden of Strata caused me to realize that my approach to NPEs is too uniform and needs to be more nuanced.

“Agentic identity isn’t just a new type of NHI. AI agents might functionally fall under the “non-human identity” umbrella—but that label doesn’t really cut it since we’re not talking about static service accounts or API keys.”

In a table published in the original post, Olden semantically defines NHIs as the persistent entities with unchanging privileges. Agentic identities, in Olden’s cosmos, are ephemeral.

But Olden identifies one additional distinction that has nothing to do with lifespan.

“AI agents are digital actors that can reason and make decisions across systems.”

Olden notes that the characteristics of agentic AI offer both power and risk.

Impermanent

ConductorOne shares Olden’s observations on agentic AI:

“Often ephemeral, existing for just seconds or minutes depending on the task.

“Requires role-based or task-specific access, rather than broad or persistent permissions.

“Capable of autonomous decision-making and executing actions in real-time.

“Built to integrate with existing systems and interact securely with other agents.

“Expands the potential for AI solutions by enabling action—not just insight or content.”

Unaccountable

So how do you set up individual accounts for these extremely powerful non-person entities that appear and disappear?

According to Juan Ignacio Torres Durán, you don’t.

“Modern architectures — cloud-native, ephemeral workloads, APIs, containers, robotic processes — don’t fit neatly into the account model. They’re fast, dynamic, and short-lived. They need access right now, based on who or what they are, where they run, and what they do.

“And here’s the shift: We don’t need to create an account for each of them. We just need to recognize the entity, validate it, and project a governed identity that can be used for access decisions.”

So no distinct individuality for NPEs. That’s an interesting…um…world.

Does Zero Knowledge Equal Zero Privacy?

Perhaps you’ve heard the joke about an anonymous survey managed by a company’s personnel department. In the joke, one employee received two emails:

The first was from HR, announcing the anonymous survey.
The second was from the employee’s supervisor, reporting that HR says that the employee is the only person who hasn’t completed the “anonymous” survey.

But maybe it’s not a joke.

Is the zero knowledge/World dream of one unique identity per person actually a curse? According to Biometric Update, Vitalik Buterin of Ethereum fame claims it REMOVES privacy.

“[U]nder one-per-person ID, even if ZK-wrapped, we risk coming closer to a world where all of your activity must de-facto be under a single public identity….

“[T]here can’t be an easily legible hard limit on how many identities you can easily get. If you can only have one identity, you do not have pseudonymity, and you can be coerced into revealing it.”

Buterin believes multiple identities, managed separately, provide concurrent identity and privacy.

I Guess I’m Also the Non-Person Entity Product Marketing Expert

I was recently updating my “biometric product marketing expert” page. Because if you haven’t heard, I am the biometric product marketing expert. There’s even a video and stuff.

Make an impact.

In addition to becoming the biometric product marketing expert by studying the biometric modalities and non-biometric factors associated with a person…I’ve also studied the identification of non-person entities.

Bredemarket and Non-Person Entities

I started this study back on August 20, 2024, when I originally wrote about attribute-based access control.

Since then I’ve continued to write about NPEs.

A lot.

9 times during the second quarter of 2025 alone. I don’t know what got into me on April 9.

(6/19/2025) HP Instant Ink Users and Identity: 1:1 Person-to-NPE Binding Isn’t Always Enough.
(5/30/2025) Identity-Bound Non-Person Entities.
(5/14/2025) Evading State Taxes: Non-Person Automotive Entities and Geolocation.
(5/3/2025) N. P. E. Bredemarket is Live on Instagram.
(4/9/2025) Unified.
(4/9/2025) If Your Identity System Only Manages People, It Is Flawed.
(4/9/2025) NPEs and Emotions.
(4/3/2025) Another Take on NPEs and Security.
(4/1/2025) You Can’t Prove that an International Mobile Equipment Identity (IMEI) Number is Unique.

And I’ve planned at least one more NPE post before the end of the month, possibly on Thursday.

Because as I previously said (on April 9, of course), if your identity system only manages people, it is flawed.

Now I’ll grant that I’m in the minority when I use the phrase “non-person entity.” The phrase “non-human identity” is much more popular.

But all your people and refrigerators know what I’m talking about.

So do I have to remake the 32 second video…again? This was the third go at it, after my second and first versions.

But you don’t want an NPE writing your content

Trust me. You don’t.

You want me.

Because I’m the…you know.

Schedule a free meeting with me to discuss your content needs.

CPA

Bredemarket’s “CPA.”

Possible FinCEN Changes

H/T ComplyAdvantage. From FinCEN.

“[On June 18] the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) held the 62nd semi-annual plenary meeting of the Bank Secrecy Act Advisory Group (BSAAG). Deputy Secretary of the Treasury Michael Faulkender delivered remarks at the event laying out guiding principles for BSA modernization.”

https://www.fincen.gov/news/news-releases/fincen-holds-62nd-bank-secrecy-act-advisory-group-bsaag-plenary

ComplyAdvantage itself states:

“The most eye-catching update is that the Treasury will attempt to “change the AML/CFT [Anti Money Laundering/Combating the Financing of Terrorism] status quo” so the BSA “explicitly permits financial institutions to de-prioritize risks” and direct resources towards higher-risk areas. The Treasury also intends to streamline reporting processes to minimize the SAR [Suspicious Activity Report] and CTR [Currency Transaction Report] burden on organizations.”

https://www.linkedin.com/pulse/us-plans-bsa-modernization-singapore-implements-corporate-iuzxe

Yet Another Video Reel-ease on Monday

[UPDATE: The video is reel-eased.]

I created a new reel for my identity/biometric prospects, but haven’t released it yet.

I’ll release it on Monday, June 23, at 8 am (Pacific Daylight Time).

Where?

Here on the Bredemarket blog.
The Bredemarket Instagram account.
The Bredemarket Facebook page.
Other places (after 8 am).

I even scheduled a Facebook event. Because Meta wants me to turn every Facebook post into an event, I set one up for Monday at 8 am (Pacific Daylight Time).

Nothing special at the event; I’m not even planning to go live. Just a time to check to see if the video is posted, and to spend 32 seconds watching it.

Enjoy.