Role of Secret Credential is Missing in This Report

Hitoshi Kokumai
2 min readSep 2, 2022


I owe this report on ‘decentralized identities for the next generation of the internet’ to Bianca Lopes’ Data Game newsletter —

Missing in this report is the critical role of a secret credential, usually a password.

- A key authenticates the lock. A lock authenticates the key.

- However sophisticated it may look with an advanced mechanism (or clever cryptography), a key is prone to theft and abuse.

- What can authenticate the person who is now holding the key?

Whether centralised or decentralised, a solid digital identity would be a pipe dream if the authentication scheme comes without the solid secret credential that enables citizens to give a firm answer to the question of ‘Is this person who claims to be?’.

The conventional text password used to make a valid secret credential many decades ago, but it is no longer good enough. (Beware! ‘Not good/helpful enough’ is NOT the same as ‘bad/harmful’)

We propose that we make use of our own non-volatile episodic memory as the seed of solid secret credential — have a glance at Page 6 of this explanatory slide with scripts — “Fend Off Cybercrime with Episodic Memory”

Looking to the security effect of removal of the password? — Then, visit this blog collection on this subject — “LOSS of Security Taken for GAIN of Security”

Website —

Digital identity blogs collected at



Hitoshi Kokumai

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.