Stolen Passwords — How to Break Away from This Futile Loop

Today’s topic: “UK donates 225 million stolen passwords to hack-checking site”

We could think of three different approaches:

(1) teach people to remember ever stronger passwords, which everyone knows humans are by no means able to recall (proper hashing assumed),

(2) remove the password altogether from the sphere of digital identity,

and (3) make the entropy of the password high enough to withstand fierce brute-force attacks (proper hashing assumed) while reducing the burden on people.

(1) is what security professionals, including NIST, persistently proposed for a few decades; (2) is what some disastrously misguided people proposed; and (3) is what we are proposing.

Ref for (1): No longer needed, although there is still a pocket of people who stick to it.

Ref for (2): Passwords are to Present-day Citizens What Stones and Clubs are to Ancient Ancestors

Ref for (3): Maximizing Entropy of Secret Credentials while Minimizing Burden on Citizens

Incidentally, we would like to emphasize that it is only harmful to mix up the discussion on authenticators (password, token, etc.) with the discussion on the deployment of authenticators (2FA/MFA, SSO, etc.).

Key References

Bring a healthy second life to legacy password systems

For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)

What We Know for Certain about Authentication Factors

Digital Identity for Global Citizens

Image-to-Code Conversion by Expanded Password System

Summary and Brief History — Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Account Recovery with Expanded Password System

Additional References

Removal of Passwords and Its Security Effect

Step-by-Step Analysis of Why and How Biometrics Brings Down Security

Negative Security Effect of Biometrics Deployed in Cyberspace

External Body Features Viewed as ‘What We Are’

History, Current Status and Future Scenarios of Expanded Password System

Availability-First Approach

Update: Questions and Answers — Expanded Password System and Related Issues

<Videos on YouTube>

Slide: Outline of Expanded Password System (3 minutes 2 seconds)

Digital Identity for Global Citizens (10 minutes, narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space — “below-one” factor authentication

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.
