Dementia and Authentication

Hitoshi Kokumai
2 min readAug 10, 2022

“Your solution, Expanded Password System, has a big drawback of being useless for the authentication of people with advanced dementia.” — This is what I kept hearing over 20 years, mostly from the people who promote passwordless and biometrics authentication schemes.

“When people become unable to recognise the unforgettable images of their episodic memory that they had volitionally registered as login credentials, it is probably the time that guardianship should be considered for them. While it’s possible to get them ‘identified’, getting them ‘authenticated’ should be viewed as a crime in a democratic society”. — This is what I kept answering over the 20 years.

The issue of ‘identification vs authentication’ had again emerged from this post — “Latest News on Follow-Up with ENISA”

In response to a voice of “how many distinguish ‘authentication’ vs ‘identification’? Having a vested interest does not make those people right”,

I mentioned “There may be two groups of security professionals -

(a) those who unknowingly mix up identification and authentication, and push themselves into a cognitive pitfall,

(b) those who knowingly mix up the two and sell the product designed for identification to the people who need the solutions for authentication.

The effect of “Not Distinguish ‘Identify’ and ‘Authenticate’” on the public is the same in both cases, though” — a wide spread false sense of security.

Website —

Digital identity blogs collected at



Hitoshi Kokumai

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.