Stolen Passwords — How to Break Away from This Futile Loop

Today’s topic: “UK donates 225 million stolen passwords to hack-checking site” https://www.bbc.com/news/technology-59730010

We could think of three different approaches –

(1) teach people to remember yet stronger passwords, which everyone knows humans are by no means able to recall (proper hashing assumed),

(2) remove the password altogether from the sphere of digital identity,

and (3) make the entropy of the password high enough to withstand fierce brute-force attacks (proper hashing assumed) while reducing the burden on people.

(1) is what security professionals, including NIST, used to propose persistently for a few decades, (2) is what some disastrously misguided people proposed, and (3) is what we are proposing.

Ref for (1): No longer needed, although there is still a pocket of people who stick to it.

Ref for (2): Passwords are to Present-day Citizens What Stones and Clubs are to Ancient Ancestors

https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-6876349775999045632-hoAu

Ref for (3): Maximizing Entropy of Secret Credentials while Minimizing Burden on Citizens

https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-6863663982465695744-jtKo

Incidentally, we would like to emphasize that it would only be harmful to mix up the discussion of authenticators (password, token, etc.) with the discussion of the deployment of authenticators (2FA/MFA, SSO, etc.).

Key References

Bring a healthy second life to legacy password systems

For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)

What We Know for Certain about Authentication Factors

Digital Identity for Global Citizens

Image-to-Code Conversion by Expanded Password System

Summary and Brief History — Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Account Recovery with Expanded Password System

Additional References

Removal of Passwords and Its Security Effect

Step-by-Step Analysis of Why and How Biometrics Brings Down Security

Negative Security Effect of Biometrics Deployed in Cyberspace

External Body Features Viewed as ‘What We Are’

History, Current Status and Future Scenarios of Expanded Password System

Availability-First Approach

Update: Questions and Answers — Expanded Password System and Related Issues

<Videos on YouTube>

Slide: Outline of Expanded Password System (3 minutes 2 seconds)

Digital Identity for Global Citizens (10 minutes — narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space — “below-one” factor authentication

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.

Hitoshi Kokumai
