Open in app

Sign in

Write

Sign in

Sequel — Detection of Fake Log-In Page

Hitoshi Kokumai
2 min readFeb 9, 2021

--

In my earlier post “Detection of FakeLog-In Page”, I wrote “show the user’s image ALONG WITH DOZENS OF OTHER IMAGES.”

Have you taken note of it? This element plays a crucial role in our scheme.

A would-be phisher can easily copy the log-in screen and show it to a target user whose User ID is known. But the phisher does not know which image was registered by the user as the credential of the genuine log-in server as against the other images, whereas both the user and the genuine log-in server know which one was registered.

We ask the user to pick up the registered image and also several other meaningless images in a random sequence; the outcome will be that the genuine log-in server will know that the user has selected the registered image in the choice, while a fake log-in server will not know it, so the phishing process will have to stop there. Copying the genuine log-in page would thus take the phisher nowhere.

After this screening of fake log-in servers, the user will be asked to go through the authentication by a password, desirably by Expanded Password System where it is available.

< References >

Summary and Brief History — Expanded Password System

Image-to-Code Conversion by Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

External Body Features Viewed as ‘What We Are’

History, Current Status and Future Scenarios of Expanded Password System

Negative Security Effect of Biometrics Deployed in Cyberspace

Removal of Passwords and Its Security Effect

Availability-First Approach

Update: Questions and Answers — Expanded Password System and Related Issues (30/June/2020)

< Videos on YouTube>

Slide: Outline of Expanded Password System (3minutes 2seconds)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space — “below-one” factor authentication

< Latest Media Articles Published in 2020 Spring>

Digital Identity — Anything Used Correctly Is Useful https://www.valuewalk.com/2020/05/digital-identity-biometrics-use/

‘Easy-to-Remember’ is one thing ‘Hard-to-Forget’ is another https://www.paymentsjournal.com/easy-to-remember-is-one-thing-hard-to-forget-is-another/

Technology
Security
Digital Identity
Authentication
Passwords

--

--

Hitoshi Kokumai
Hitoshi Kokumai

Written by Hitoshi Kokumai

28 Followers
2 Following

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams