‘Admin123’ as Top Security Threat — Wonder or No Wonder?

Hitoshi Kokumai
2 min readOct 11, 2023

“CISA publishes top 10 most common security misconfigurations” https://www.theregister.com/2023/10/06/cisa_top_10_misconfigurations

The report reads “CISA reveals ‘Admin123’ as top security threat in cyber sloppiness chart. Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam ”

It was already like this 20 years ago and will probably be still like this in 20 years unless cybersecurity experts who design the identity systems listen to our discussion. Why? -

1. Still sticking to the hard-to-manage and vulnerable text-only password? — We would be hearing the same idiotic grumbles for many more generations.

2. Removing the password from identity security and rely 100% on ‘what we possess’? — It might sound convenient. What about the real online and offline threats?

A comprehensive analysis of the security effect of removing the password is provided here “How to not see our weak digital identity further weakened” (updated 31May2023) https://www.linkedin.com/pulse/how-see-our-weak-digital-identity-further-weakened-hitoshi-kokumai/

3. Replacing the password with biometrics? — Our answer is given in this 2minute video “Biometrics in Cyber Space — ‘below-one’ factor authentication” https://youtu.be/wuhB5vxKYlg

We are certain that whoever watched this short video would never be able to assert that biometrics would not destroy the identity security that a password/pincode has somehow provided.

4. How about expanding the password to include non-text memory objects, especially the image memory of our pleasant personal experiences? — This is what we have been promoting as Expanded Password System since 2000.

- Reference -

“Image Memory versus Text Memory” (27Aug2023) https://www.linkedin.com/posts/hitoshikokumai_why-our-brains-prefer-symbols-to-words-activity-7101417424599601152-qQ2f

“Power of ‘Image-to-Password’ Converter” (2Aug2023) https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-7092388805462134785-xbVP

A derivative is used by Japanese Army for the personnel responsible for encrypted data exchange on field communications vehicles since 2013, with the number of licenses increasing more than 10-fold and set to stay in use for 10 more years.

We are now close to the Beta release of another derivative Mnemonic Gateways leak-proof password manager.

and also “Unfounded Criticism of Expanded Password System” (19Sep2023) https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-7109763719072514048--Nwu



Hitoshi Kokumai

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.