Wish to Cut Down Password-Reset Cost? — Look to Citizens’ Long-Term Memory
The Cost of Password Lockouts
https://securityboulevard.com/2022/10/the-cost-of-password-lockouts/
The more threateningly people are urged to use stronger passwords without recycling and without relying on a memo, the more frequently people get locked out and the more time and money the help desk has to lose. It’s just a natural causal relation.
We could think of three solutions to this issue:
1. Allow people to recycle passwords, rely on a memo and use easier-to-recall and easier-to-break passwords
2. Remove the password altogether from identity authentication processes
3. Achieve a good balance between security and usability at a very high level with citizens’ non-volatile long-term memory
*1 Possibly acceptable for the accounts that require only very low security. It’s certain that nobody, except hardened bad guys, would dare to urge people to adopt this approach for high-security accounts.
*2 Possibly acceptable for the accounts for which availability and convenience, not security, matter. It would be absolutely disastrous if deployed where security matters.
Frighteningly, we see a serious threat here: there are a number of security people who promote this destructive approach as an alleged enhancement of identity security, as repeatedly discussed in this blog collection “LOSS of Security Taken for GAIN of Security” https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
*3 What would happen to the help desk where it is extremely hard for people to forget their hard-to-break passwords?
Spend 90 seconds with this video — “Fend Off Cybercrime by Episodic Memory” https://youtu.be/T1nrAlmytWE
Should you find it inviting, you might be interested in this comprehensive slide presentation: “Fend Off Cybercrime with Episodic Memory (Updated -29August2022–37p)” https://www.slideshare.net/HitoshiKokumai/slide-share-updated-fend-off-cybercrime-with-episodic-memory-29aug2022
Note: A video version with narration is now available at https://drive.google.com/file/d/1FEYKjBOEVXVEljRt2_nu1uSXvtUNN73Q/view