Stolen Passwords — How to Break Away from This Futile Loop

Today’s topic: “UK donates 225 million stolen passwords to hack-checking site” https://www.bbc.com/news/technology-59730010
We could think of three different approaches:
(1) teach people to remember an even stronger password, one that everyone knows humans are by no means able to recall (proper hashing assumed),
(2) remove the password altogether from the sphere of digital identity,
and (3) make the entropy of the password high enough to withstand fierce brute-force attacks (proper hashing assumed) while reducing the burden on people.
(1) is what security professionals, including NIST, used to propose persistently for a few decades, (2) is what some disastrously misguided people proposed, and (3) is what we are proposing.
Ref for (1): No longer needed, although there is still a pocket of people who stick to it.
Ref for (2): Passwords are to Present-day Citizens What Stones and Clubs are to Ancient Ancestors
Ref for (3): Maximizing Entropy of Secret Credentials while Minimizing Burden on Citizens
Incidentally, we would like to emphasize that it would only be harmful to mix up the discussions on authenticators (password, token, etc.) with those on the deployment of authenticators (2FA/MFA, SSO, etc.).

Key References
Bring a healthy second life to legacy password systems
For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)
What We Know for Certain about Authentication Factors
Digital Identity for Global Citizens
Image-to-Code Conversion by Expanded Password System
Summary and Brief History — Expanded Password System
Proposition on How to Build Sustainable Digital Identity Platform
Account Recovery with Expanded Password System

Additional References
Removal of Passwords and Its Security Effect
Step-by-Step Analysis of Why and How Biometrics Brings Down Security
Negative Security Effect of Biometrics Deployed in Cyberspace
External Body Features Viewed as ‘What We Are’
History, Current Status and Future Scenarios of Expanded Password System
Update: Questions and Answers — Expanded Password System and Related Issues

<Videos on YouTube>
Slide: Outline of Expanded Password System (3 minutes 2 seconds)
Digital Identity for Global Citizens (10 minutes, narrated)
Demo: Simplified Operation on Smartphone for consumers (1m41s)
Demo: High-Security Operation on PC for managers (4m28s)
Demo: Simple capture and registration of pictures by users (1m26s)
Slide: Biometrics in Cyber Space — “below-one” factor authentication
