Leak-resistant Secret Credentials

Today’s topic is “Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials” https://www.theregister.com/2021/09/22/microsoft_exchange_autodiscover_protocol_found/

It appears to be next to impossible for any talented servicers to locate all the critical vulnerabilities before someone else, bad guys in many cases, locate them. Then we should better assume that our own credentials could leak at any time.

One of the valid solutions against it would be to use the passwords whose hashed entropy is so big as to stand the brute force attacks by supercomputers. It is not what humans can easily do, however, meaning that we need a powerful tool to achieve it like the stones and clubs for our ancestors.

Our proposition of ‘image-to-code conversion’ might well make a sizeable contribution as discussed here “New Slide — Healthy Second Life of Legacy Password Systems” https://www.linkedin.com/posts/hitoshikokumai_bring-a-healthy-second-life-to-legacy-password-activity-6837948929376681984-xKjH

Well, were you considering that killing the password could be a solution?

What does not exist will indeed not leak, but we will end up seeing our future killed; Where our identity is established without our will/volition confirmed, democracy is fatally eroded. Practically we would no longer have a restful sleep unless staying alone in a closed space locked from within or fenced by faithful bodyguards.

Incidentally, the security effect of removing the password is discussed here — “Remove the army and we will have a stronger national defense”

Key References

Bring a healthy second life to legacy password systems

For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)

What We Know for Certain about Authentication Factors

Digital Identity for Global Citizens

Image-to-Code Conversion by Expanded Password System

Summary and Brief History — Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Account Recovery with Expanded Password System

Additional References

Removal of Passwords and Its Security Effect

Step-by-Step Analysis of Why and How Biometrics Brings Down Security

Negative Security Effect of Biometrics Deployed in Cyberspace

External Body Features Viewed as ‘What We Are’

History, Current Status and Future Scenarios of Expanded Password System

Availability-First Approach

Update: Questions and Answers — Expanded Password System and Related Issues

< Videos on YouTube>

Slide: Outline of Expanded Password System (3minutes 2seconds)

Digital Identity for Global Citizens (10minutes — narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space — “below-one” factor authentication

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.