Complex Problem of Complex Password
Today’s topic is this article by Cisco on the password headache — https://www.linkedin.com/posts/cisco_it-happens-heres-a-guide-on-how-to-activity-7063817325749129217-Z-eW
We are usually given these three recommendations on the issue of weak password protection — use complex and long passwords, don’t reuse the same password across many accounts and don’t carry around a memo/storage with your passwords on it.
We have these two options -
(1) We follow one or two of these three recommendations (Disjunction/in-parallel/OR)
(2) We follow all of these three recommendations (Conjunction/in-series/AND)
(1) would be easy to do but we would not be safe, while (2) should theoretically make us safe although most of us are simply unable to do it.
Should we want to get out of this dilemma, we could think of two courses -
(A) ditching the password altogether — Once we have removed our stomach, we are freed from stomach-ache altogether.
(B) making the password secure and yet practicable — An approach still hardly known to the general public even though it has actually been practiced in national defense for a decade.
If you are attracted towards (A), which a number of big tech firms are touting, you could spend several minutes on this paper — “How to not see our weak digital identity further weakened (updated 7May2023)” https://www.linkedin.com/pulse/how-see-our-weak-digital-identity-further-weakened-hitoshi-kokumai/
Should you be interested in (B), you could spend several minutes on this — “Mnemonic Gateways as Leading Digital Identity App (updated 15May2023)” https://www.linkedin.com/pulse/mnemonic-gateways-leading-digital-identity-app-hitoshi-kokumai/
Well, as you see above, there could be two approaches to cope with the problem of Password Fatigue.
One is to throw away the password altogether, and give up the valuable security somehow provided by the password. This is what ‘passwordless’ and ‘biometrics’ authentication schemes are supposed to be achieving, well, to the delight of criminals.
Moreover, democracy would be lost where the password that we feed volitionally is lost. When authentication happens without our knowledge or against our will, it’s a 1984-like Dystopia.
Another is to promote a ‘Fatigue-free’ Password System. This is what we at MIS are achieving with the Expanded Password System powered by citizens’ non-volatile episodic memory. Say, from ‘Password Fatigue’ to ‘Fatigue-free Password’.