‘Admin123’ as Top Security Threat — Wonder or No Wonder?
“CISA publishes top 10 most common security misconfigurations” https://www.theregister.com/2023/10/06/cisa_top_10_misconfigurations
The article reads: “CISA reveals ‘Admin123’ as top security threat in cyber sloppiness chart. Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam.”
It was already like this 20 years ago and will probably still be like this in 20 years, unless the cybersecurity experts who design identity systems listen to our discussion. Why?
1. Still sticking to the hard-to-manage and vulnerable text-only password? — We would be hearing the same idiotic grumbles for many more generations.
2. Removing the password from identity security and relying 100% on ‘what we possess’? — It might sound convenient. What about the real online and offline threats?
A comprehensive analysis of the security effect of removing the password is provided here: “How to not see our weak digital identity further weakened” (updated 31 May 2023) https://www.linkedin.com/pulse/how-see-our-weak-digital-identity-further-weakened-hitoshi-kokumai/
3. Replacing the password with biometrics? — Our answer is given in this 2-minute video: “Biometrics in Cyber Space — ‘below-one’ factor authentication” https://youtu.be/wuhB5vxKYlg
We are certain that anyone who has watched this short video would no longer be able to assert that biometrics does not destroy the identity security that a password/PIN code has somehow provided.
4. How about expanding the password to include non-text memory objects, especially the image memory of our pleasant personal experiences? — This is what we have been promoting as Expanded Password System since 2000.
- Reference -
“Image Memory versus Text Memory” (27 Aug 2023) https://www.linkedin.com/posts/hitoshikokumai_why-our-brains-prefer-symbols-to-words-activity-7101417424599601152-qQ2f
“Power of ‘Image-to-Password’ Converter” (2 Aug 2023) https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-7092388805462134785-xbVP
A derivative has been used by the Japanese Army since 2013 for the personnel responsible for encrypted data exchange on field communications vehicles, with the number of licenses having increased more than 10-fold and set to stay in use for 10 more years.
We are now close to the Beta release of another derivative, Mnemonic Gateways, a leak-proof password manager.
See also “Unfounded Criticism of Expanded Password System” (19 Sep 2023) https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-7109763719072514048--Nwu