More Issues on Digital Identity
- Phishing Deterrence
- Cryptography and Digital Identity
- AI and Quantum-Computing
- Login under Duress
- 2-Channel Expanded Password System
- Secure Brain-Machine-Interface
- Security-Destructive Passwordless schemes
- Misused Biometrics
- Stopgap Hybrid Text Password
- Dementia and Identity
- FIDO and Expanded Password System
- Transparency and Integrity
- How We Position Our Proposition
- Competition or Opportunity
- Overcoming Head Wind
24th February, 2023
Hitoshi Kokumai, Chief Architect
Mnemonic Identity Solutions Limited
I would like to talk about some more topics related to our endeavor of building a solid
and sustainable digital identity platform.
Phishing Deterrence
On Text Password Platform
- Damage limited to only one targeted account even in the worst case: no password needs to be re-used across multiple accounts where the Mnemonic Gateways password manager is deployed.
On Expanded Password Platform
- Costs inflicted on phishers of preparing the same images for each target.
- Costs of a ‘cat & mouse’ process in which phishers cannot have the initiative. See “Detection of Phishing by Episodic Image Memory”: https://www.slideshare.net/HitoshiKokumai/detection-of-phishing-by-episodic-image-memory-243182482
The title reads ‘Phishing Deterrence’, not ‘Phishing Prevention’.
Expanded Password System could make a meaningful contribution to the deterrence of phishing attacks, although on its own it cannot prevent phishing.
Cryptography and Digital Identity
Protection by cryptography can’t be above protection by login credential
Shall we consider a very typical case in which a message is encrypted by a cryptographic module that can withstand the fiercest brute-force attacks for trillions of years, while the digital identity of the recipient who is to decrypt the message is protected by a password that a PC can break in a matter of hours or even minutes?
Protection by cryptography can’t be above protection by the login credential, a password in most cases. The lower of the two decides the overall protection level.
This observation urges us to make the secret credentials the most solid and reliable where the data to be protected is classified. Here we propose making use of operators’ episodic memory, firmly inscribed deep in their brains, for their secret credentials.
Impact of AI and Quantum Computing
https://aitechtrend.com/quantum-computing-and-password-authentication/
In a publication in autumn 2021, the USA’s NSA said “We ‘don’t know when or even if’ a quantum computer will ever be able to break today’s public-key encryption”.
In view of that observation, in an article “Quantum Computing and Password Authentication” I wrote:
“Let us assume, however, that quantum computing has suddenly made a quantum leap
and becomes able to break today’s public key schemes. Would we have to despair?
We do not need to panic. Bad guys, who have a quantum computer at hand, would
still have to break the part of user authentication, that is NOT dependent on the public-
key scheme, prior to accessing the target data, in the normal environment where
secret credentials, that is, remembered passwords, play a big role.”
My article, published in early October 2021, became the ‘most trending’ at NY-based aiTech Trend in February 2022 and still retains that status.
This phenomenon probably says much about how concerned artificial intelligence people are about the issue of passwords and identity assurance with respect to the uncontrolled progress of AI and quantum computing.
Login under Duress
The issue of Login under Duress has been taken care of since 2003. Watch this video: “High-Security Operation on PC for managers”
https://www.youtube.com/watch?v=UO_1fEp2jFo
The bad guy who is forcing the user to log in under duress, not knowing how many images the user has registered, would have no idea whether the user selected an extra image or not, whereas the software would detect it, allow the login and guide the bad guy to a dummy data section while silently sending a real-time alarm to security personnel.
At 2 minutes 40 seconds, you will see the registration page, on which there is a ‘Yes or No’ box for “Emergency PassSymbol”. Click ‘Yes’ and you will be able to register an extra image as a duress code.
This function had been implemented a decade before Japan’s Army talked to us. We did not assume that such a duress-alarm function would be appreciated only in the military; we anticipated that the more digital assets pile up in digital space, the more frequently forced logins under duress will happen.
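To make the duress mechanism concrete, here is an added example; it is an illustration, not the code of the product shown in the video. It assumes a simplified model: the server keeps two salted verifiers, one for the registered image set and one for that set plus the optional duress image, so the stored record reveals neither how many images were registered nor which one is the duress image. A selection matching the first verifier logs in normally; a selection matching the second is granted, routed to a dummy data section and silently recorded as an alert; anything else is rejected. The image ids, the PBKDF2 parameters and the order-independent treatment of the selection are assumptions of this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Enrolment:
    """Hypothetical enrolment record: only salted verifiers are stored, so the
    record does not show how many images were registered or which is the
    duress image (assumed design, not the vendor's)."""
    salt: bytes
    verifier_normal: bytes
    verifier_duress: Optional[bytes]   # None when no Emergency PassSymbol was set


@dataclass(frozen=True)
class LoginResult:
    granted: bool
    data_section: str     # "real", "dummy" or "none"
    silent_alert: bool


def _verifier(salt: bytes, images: Iterable[str]) -> bytes:
    # Order-independent: the selection is treated as a set of image ids.
    material = "\x1f".join(sorted(set(images))).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 50_000)


def enrol(normal_images: Iterable[str], duress_image: Optional[str] = None) -> Enrolment:
    """Register the normal image set and, optionally, one extra duress image."""
    normal = set(normal_images)
    if duress_image is not None and duress_image in normal:
        raise ValueError("duress image must differ from the normal images")
    salt = os.urandom(16)
    v_duress = _verifier(salt, normal | {duress_image}) if duress_image is not None else None
    return Enrolment(salt, _verifier(salt, normal), v_duress)


def verify_login(enr: Enrolment, selected: Iterable[str], alerts: List[str]) -> LoginResult:
    """Check a selection; a duress selection is granted but routed to dummy data
    and a silent alert is appended to `alerts` (constructed stand-in for the
    real-time alarm to security personnel)."""
    candidate = _verifier(enr.salt, selected)
    if hmac.compare_digest(candidate, enr.verifier_normal):
        return LoginResult(True, "real", False)
    if enr.verifier_duress is not None and hmac.compare_digest(candidate, enr.verifier_duress):
        # The coercer sees a normal-looking successful login; only the back end knows.
        alerts.append("DURESS LOGIN: routed to dummy section, security notified")
        return LoginResult(True, "dummy", True)
    return LoginResult(False, "none", False)


if __name__ == "__main__":
    log: List[str] = []
    record = enrol(["boat", "cat", "tree"], duress_image="clock")
    print(verify_login(record, ["tree", "cat", "boat"], log))            # real login
    print(verify_login(record, ["tree", "cat", "boat", "clock"], log))   # duress login
    print(verify_login(record, ["cat", "boat", "clock"], log))           # rejected
    print(log)
```

Because both outcomes return `granted=True`, the only difference visible at the keyboard is which data section opens; the alert lives in the back end, which is what makes the extra image useful against an observer standing next to the user.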
2-Channel Expanded Password System
Using physical onetime tokens is said to be more secure than using phones for
receiving onetime code via Short Message Service as one of the two authentication
factors. However, the use of physical tokens brings its own headache. What shall we
do if we have dozens of accounts that require two factor schemes?
Carrying around a bunch of dozens of physical tokens? Or, re-using the same tokens
across dozens of accounts? The former would be too cumbersome and too easily
attract attention of bad guys, physically creating a single point of failure, while the
latter would be very convenient but brings the similar single point of failure in another
way.
Well, what if random onetime numbers or characters are allocated to each image on the matrix shown on a user’s second device? Recognising the registered images, the user feeds the corresponding numbers or characters into the main device. From that onetime data, the authentication server can tell which images the user is supposed to have registered as the credential.
All that is needed at the users’ end is just a web browser on a second device. With all
different sets of images for all different accounts, a single phone can readily cope with
dozens of accounts without creating a single point of failure.
This is not a hypothesis. We actually have a use case of commercial implementation.
Secure Brain-Machine-Interface
Ask the users to focus their attention on the numbers or characters given to the registered images.
Random numbers or characters are allocated to the images. Neuro signals are monitored via a separate channel.
Simple brain monitoring has a security problem: the data, if wiretapped by criminals, can be replayed for impersonation straight away. The monitored brain data should be a onetime, disposable code.
An idea is that the authentication system allocates random numbers or characters to
the images shown to the user. The user focuses their attention on the numbers or
characters given to the images they had registered.
The monitoring system will collect the brain-generated onetime signals corresponding
to the registered images. Incidentally, the channel for showing the pictures is
supposed to be separated from the channel for brain-monitoring.
Even if they succeed in intercepting the data, criminals would be unable to impersonate the user, because the intercepted data was onetime and disposed of upon use.
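The one-time code allocation shared by the 2-Channel Expanded Password System and the brain-machine-interface variant above is shown below as an added example; it is not the vendor’s implementation. A hypothetical server allocates fresh random codes to every image on the matrix for each challenge, sends the image-to-code display to the second device, and on the main channel accepts only codes that map back to exactly the registered image set, consuming the challenge so that an intercepted response cannot be replayed. The image ids, the three-digit codes and the `respond` helper (standing in for either the user typing on the main device or a BMI monitor picking up which codes the user attends to) are constructed assumptions.

```python
import secrets
import string
from typing import Dict, Iterable, List, Set, Tuple

# Constructed image ids standing in for the pictures on the matrix (assumption:
# the server identifies images by such ids; the product's data model is not
# described in the presentation).
MATRIX_IMAGES = [
    "boat", "cat", "tree", "clock", "dog", "house", "bike", "lamp",
    "apple", "river", "train", "chair", "piano", "kite", "bridge", "owl",
]


class ImageCodeServer:
    """Hypothetical server side: allocates fresh codes per challenge and checks
    that the returned codes map back to exactly the registered images."""

    def __init__(self, registered_images: Iterable[str], matrix_images: List[str], code_len: int = 3):
        self.registered: Set[str] = set(registered_images)
        if not self.registered <= set(matrix_images):
            raise ValueError("registered images must appear on the matrix")
        self.matrix_images = matrix_images
        self.code_len = code_len
        self._pending: Dict[str, Dict[str, str]] = {}   # challenge id -> (code -> image)

    def issue_challenge(self) -> Tuple[str, Dict[str, str]]:
        """Allocate a distinct random code to every image on the matrix and return
        (challenge id, image -> code) for display on the second device."""
        code_to_image: Dict[str, str] = {}
        for image in self.matrix_images:
            while True:   # re-draw on the rare collision so every code is unique
                code = "".join(secrets.choice(string.digits) for _ in range(self.code_len))
                if code not in code_to_image:
                    break
            code_to_image[code] = image
        challenge_id = secrets.token_hex(8)
        self._pending[challenge_id] = code_to_image
        return challenge_id, {img: code for code, img in code_to_image.items()}

    def verify(self, challenge_id: str, submitted_codes: Iterable[str]) -> bool:
        """Consume the challenge whatever the outcome, then map codes back to
        images and compare the set with the registered credential."""
        code_to_image = self._pending.pop(challenge_id, None)
        if code_to_image is None:
            return False                      # unknown or already-used challenge: a replay
        mapped: Set[str] = set()
        for code in submitted_codes:
            image = code_to_image.get(code)
            if image is None:
                return False                  # code that was never allocated in this challenge
            mapped.add(image)
        return mapped == self.registered


def respond(display: Dict[str, str], remembered_images: Iterable[str]) -> List[str]:
    """Client side: return the codes shown next to the images the user remembers.
    A BMI monitor would produce the same list from the attended codes."""
    return [display[img] for img in remembered_images if img in display]


if __name__ == "__main__":
    server = ImageCodeServer(["boat", "cat", "tree"], MATRIX_IMAGES)
    cid, display = server.issue_challenge()          # second channel: shown on the phone
    answer = respond(display, ["tree", "boat", "cat"])   # main channel: typed on the PC
    print(answer, server.verify(cid, answer))        # True
    print(server.verify(cid, answer))                # False: the challenge was consumed
```

The codes themselves carry no long-term secret: a captured response is useless once its challenge has been consumed, and against a later challenge the same digits point at different images with overwhelming probability. The registered image set never leaves the server, and the user never types anything that identifies the images directly.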
Have a Break
Published in 2005
This comic looks more relevant now than 18 years ago when it was published. Please
have this 2-minute break with the comic.
Security-Destructive ‘Passwordless’ Schemes
Here is a one-stop reference paper on this problem “How to not see our weak digital identity further weakened”
https://www.linkedin.com/pulse/how-see-our-weak-digital-identity-further-weakened-hitoshi-kokumai/
If removing the password increased the security of digital identity, we would find such a picture at every ATM.
We would also hear “Remove the army and we will have a stronger national defense”
We could accept “Passwordless” authentication without losing sanity if it comes with a
transparent statement that it brings ‘better availability’ at the cost of losing security,
helping people where availability and convenience, not security, matters most.
The problem is that the “passwordless” promoters are adamantly alleging that the
passwordless schemes are to increase security, thus spreading a false sense of security.
The false sense of security is not only weakening the defence of democratic nations
from within when we have to cope with the yet increasing cybersecurity threats from
aggressive anti-democracy regimes, but also preventing global citizens from being
better prepared against the threats by making good use of the defence surface of the
password and its expanded developments.
More on ‘Passwordless’ Authentication
Let me try a breakdown of the passwordless concept.
(1) Password-less + nothing else; the least secure
(2) Password-less + something else; securer than (1)
(3) Password + something else: here is the point of arguments
By our criteria, the security increases from 1 to 3. However, by the “passwordless”
folks’ criteria, the security of (2) is viewed as higher than (3), presumably because an
attack surface of the password is removed in (2) whereas there is an attack surface on
the password in (3).
Well, let me try the same for “token-less” login.
(1) Token-less + nothing else; the least secure
(2) Token-less + something else; securer than (1)
(3) Token + something else: here is the point of arguments
By our criteria, the security increases from 1 to 3. However, by the “passwordless”
folks’ criteria, the security of (2) should be viewed as higher than (3) because an attack
surface of the token is removed in (2) whereas there is an attack surface on the token
in (3).
Did you find it fun or very worrying?
More on ‘Passwordless’ Authentication
Posts on this issue are collected at “LOSS of Security Taken for GAIN of Security”
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
The ‘passwordless’ promoters might have been trapped in a cognitive pitfall. From my experience of debating with them, we suspect that there are three possible scenarios:
(1) They may have taken ‘what is not good and helpful enough’ for ‘what is bad and harmful’.
(2) They may have failed to notice that a token, whether PKI-based or otherwise, also
carries the attack surface of being stolen or otherwise compromised.
(3) They may have assumed that a defense surface is a part of an attack surface in the
case of password.
We wish that the ‘passwordless’ folks had listened to our advice.
Misused Biometrics
(30-second video on YouTube)
Surprisingly many people are promoting, selling and adopting biometrics as a tool of
identity authentication without the basic knowledge of the very technology.
Let the graphs speak about the nature of biometrics:
- By nature, whether static or behavioural, all biometrics technologies are ‘probabilistic’, since they measure unpredictably variable body features of living animals in ever-changing environments.
- False Acceptance and False Rejection are not variables independent of each other; they are dependent on each other.
- The lower a False Acceptance Rate is, the higher the corresponding False Rejection Rate is. The lower a False Rejection Rate is, the higher the corresponding False Acceptance Rate is.
- When a False Acceptance Rate is close to zero, the corresponding False Rejection Rate is close to one. When a False Rejection Rate is close to zero, the corresponding False Acceptance Rate is close to one.
- The presence of False Rejection, however close to zero, requires a fallback means against the False Rejection unless the user can forgo availability.
More on ‘Biometrics’ Authentication
More discussions on this subject collected at “Biometrics Unravelled | password-dependent password-killer”
https://www.linkedin.com/pulse/biometrics-unravelled-password-dependent-hitoshi-kokumai/
This house has added a new door with biometrics with near-zero false acceptance
besides an old door with a weak password that the biometrics vendor ridiculed harshly.
The client asks “The new door looks very impressive. But why does the old door stay?”
The vendor replies “The new door rejects criminals so effectively that you might also be rejected occasionally.” Shortly thereafter, a burglar is delighted to utter “Very convenient! I can attack both of the two.”
As such, biometrics used with a fallback password brings down the security that the password has provided. However powerful and influential biometrics vendors may be, as Apple, Google and Microsoft are, they cannot change this fact.
Incidentally, there would be nothing wrong in deploying biometrics with a
default/fallback password if vendors state transparently that the benefit of biometrics
used for authentication in cyberspace is ‘better availability’ obtained by sacrificing the
security that the password on its own somehow provides.
What is wrong is that they mislead the public to believe that it contributes to ‘better
security’, thus spreading a false sense of security and thereby weakening the defence
line of democratic nations from within when we have to face fierce cyberattacks from
adversaries of democracy.
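The dependence of FAR on FRR in the bullet list above, and the ‘two doors’ effect of a fallback password in the comic, can both be checked numerically. The following is an added example, not from the presentation or from any vendor: constructed matcher scores stand in for a real biometric system, a threshold sweep shows that lowering FAR raises FRR, and `impostor_acceptance` compares an attacker’s chance of getting in when the biometric and the password are deployed in parallel (either door opens) against in series (both locks must be passed). The score distributions and the example rates are constructed, not measurements.

```python
import random
from typing import List, Tuple

Curve = List[Tuple[float, float, float]]   # (threshold, FAR, FRR)


def constructed_scores(n: int = 2000, seed: int = 7) -> Tuple[List[float], List[float]]:
    """Constructed matcher scores in [0, 1]: genuine attempts cluster high,
    impostor attempts low, with overlap. Stand-in data, not from any product."""
    rng = random.Random(seed)

    def clip(x: float) -> float:
        return min(1.0, max(0.0, x))

    genuine = [clip(rng.gauss(0.75, 0.10)) for _ in range(n)]
    impostor = [clip(rng.gauss(0.35, 0.12)) for _ in range(n)]
    return genuine, impostor


def far_frr(genuine: List[float], impostor: List[float], threshold: float) -> Tuple[float, float]:
    """Accept when score >= threshold. FAR: impostors accepted; FRR: genuine users rejected."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def sweep(genuine: List[float], impostor: List[float], steps: int = 101) -> Curve:
    """Evaluate FAR and FRR at evenly spaced thresholds from 0 to 1."""
    curve: Curve = []
    for i in range(steps):
        t = i / (steps - 1)
        far, frr = far_frr(genuine, impostor, t)
        curve.append((t, far, frr))
    return curve


def equal_error_point(curve: Curve) -> Tuple[float, float, float]:
    """Threshold where FAR and FRR are closest; the usual single-number summary."""
    return min(curve, key=lambda p: abs(p[1] - p[2]))


def impostor_acceptance(far: float, p_password: float, mode: str) -> float:
    """Attacker's per-attempt chance of getting in, given the biometric's FAR and
    the chance p_password of passing the password check.
    "or": two doors side by side, either one suffices (fallback deployed in parallel).
    "and": one door with two locks, both must be passed (deployed in series)."""
    if mode == "or":
        return 1.0 - (1.0 - far) * (1.0 - p_password)
    if mode == "and":
        return far * p_password
    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    genuine, impostor = constructed_scores()
    curve = sweep(genuine, impostor)
    for t, far, frr in curve[::10]:
        print(f"threshold {t:.1f}  FAR {far:.3f}  FRR {frr:.3f}")
    print("equal error point:", equal_error_point(curve))
    # Constructed operating point: FAR 0.1% and a 1% chance of passing the password check.
    print("password alone:", 0.01)
    print("biometric OR password:", impostor_acceptance(0.001, 0.01, "or"))
    print("biometric AND password:", impostor_acceptance(0.001, 0.01, "and"))
```

Printing the sweep shows FAR falling monotonically and FRR rising monotonically as the threshold increases; no threshold drives both to zero. The last three lines make the comic’s point in numbers: with the fallback in parallel the attacker’s chance is strictly higher than with the password alone, whereas in series it is the product of the two rates.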
Stopgap Hybrid Text Password
Factor 1 – Password Remembered (what we know/remember)
Factor 2 – Password Written Down or Physically Stored (what we have/possess)
Effect – A ‘boring legacy password system’ turning into a no-cost hybrid password system made of ‘what we know’ and ‘what we have’.
The problems caused by ‘hard-to-manage’ passwords will be drastically mitigated when we come up with the “Mnemonic Gateways” password manager driven by Expanded Password System (EPS), and other EPS-based solutions, with which the secret credentials for login can be generated and re-generated from citizens’ non-volatile episodic image memory.
While we have to wait for that to happen, we are suggesting a stopgap measure of combining two kinds of passwords: one that we can easily remember and recall, and another that is truly random and complex, for electronic storage on a device. When in use, we recall and type the former and copy & paste the latter.
We call it ‘Hybrid Text Password’. It is not as safe and simple as remembering the
whole of it but much safer than storing the whole of it. But, would you be interested
to talk about the size of a cake that we know is not edible?
The hybrid password is what I myself have long been practicing for high-security
accounts that accept only text-passwords.
Dementia and Authentication
“Your solution, Expanded Password System powered by citizens’ non-volatile episodic
memory, has a big drawback of being useless for the authentication of people with
advanced dementia.” - This is what I kept hearing over 20 years, mostly from the
people who promote passwordless and biometrics authentication schemes.
“When people become unable to recognise the unforgettable images of their episodic
memory that they had volitionally registered as login credentials, it is probably the
time that guardianship should be considered for them.
While it’s possible to get them ‘identified’, getting them ‘authenticated’ should be
viewed as a crime in a democratic society”. - This is what I kept answering over the 20
years.
FIDO and Expanded Password System
The subject of FIDO frequently pops up in our digital identity discussions. We might be
watching two FIDOs;
(1) Password-receptive FIDO
(2) Password-rejective FIDO
We deem that the FIDO specification on its own is (1), although some FIDO people
sound as if (2) is the case.
A password-repelled (passwordless) FIDO-specified product should not be recommended to people who need good security, although it might be acceptable for low-security use cases where availability and convenience matter more.
On the other hand, irrespective of how friendlily or unfriendlily FIDO people look at us,
we are certain that Expanded Password System powered by citizens’ non-volatile
episodic memory is perfectly compatible with the device-based FIDO specification for
providing very solid two/multi-factor authentication solutions.
Furthermore, such two/multi-factor solutions would be truly robust when the post-
quantum cryptography is incorporated. The same reasoning applies to other forms of
device-based authentication schemes.
Transparency and Integrity
Let me talk about the moral responsibility of those of us who have awoken.
Firstly, it would not be very wise to get the defence line weakened from within when facing formidable adversaries who are known to be making every effort to destroy the values of democracy.
What I mean is the lack of transparency and integrity over the “passwordless” and
“biometrics” authentication schemes that quite a few security professionals and big IT
players are touting, as discussed earlier.
We have been trying to stay tenacious since we awoke to this consequential problem,
probably as one of the first few to have awoken to it.
We do not want to be among those who knowingly turn a blind eye to the ongoing
erosion of the democratic values due to a wrong design of digital transformation when
facing the dreadful democracy-destroyers.
Secondly, once we are awake to what role the power and merits of citizens’ non-
volatile episodic memory can play for solid digital identity, it cannot be an option for us
to be hesitant to press ahead proactively and energetically, especially in the current
perilous circumstances.
We would like to believe that our endeavour is viewed as worth the support of all the
good citizens.
How We Position Our Proposition
It’s the Legitimate Successor to Seals and Autographs
More on the Power of Citizens’ Non-Volatile Episodic Memory
Starting with the perception that our continuous identity as human beings is made of our autobiographical memory, we are making identity authentication schemes better by leveraging the time-honoured tradition of seals and autographs.
The underpinning principle of Expanded Password System shall not go away so long as people want their own volition and memory to remain involved in identity assurance.
Competition or Opportunity
- Password-managers, single-sign-on services? Passwords required as the master-password: Opportunity.
- Two/multi-factor authentication? Passwords required as one of the factors: Opportunity.
- Pattern-on-grid, emoji, conventional picture passwords? Deployable on our platform: Opportunity.
- Biometrics? Passwords required as a backup means: Opportunity.
What can be thought of as competition to Expanded Password System?
1. Password-managers and single-sign-on services require passwords as the master-
password.
2. Two/Multi-factor authentications require passwords as one of the factors.
3. Pattern-on-grid, conventional picture passwords and emoji-passwords can all be
deployed on our platform.
4. Biometrics requires passwords as a fallback means.
As such, competition could be thinkable only among the different products of the
family of Expanded Password System.
By the way, some people claim that PIN can eliminate passwords, but logic dictates that
it can never happen since PIN is no more than a weak form of numbers-only password.
Neither can Passphrase, which is no more than a long password.
There are also some people who talk about the likes of PKI and onetime passwords as
an alternative to passwords. But it is like talking about a weak door and proposing to
enhance the door panel as an alternative to enhancing the lock and key.
Exciting Scenery of Digital Identity
Overcoming Head Wind
“LOSS of Security Taken for GAIN of Security” -
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
We look tiny and sound feeble. They look massive and sound mighty. We are made of
logical fact-based non-flammable graphene. They are made of illogical fallacy-based
inflammable paper.
‘We’ means the forces who advocate digital identity in which citizens’ volition and memory play a critical role, supporting solid identity security and the values of democracy.
‘They’ means the forces who advocate digital identity from which citizens’ volition and memory are removed, damaging identity security and the values of democracy. Big names like GAFAM are found as part of the paper elephant, which makes them look really massive and sound extremely loud.
Whether looking tiny or massive, whether sounding feeble or mighty, it does not
matter. It’s fact and logic that decides the endgame. We will prevail in due course.

 

Recently uploaded

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

More Issues on Digital Identity (24Feb2023)

• 1. More Issues on Digital Identity

- Phishing Deterrence
- Cryptography and Digital Identity
- AI and Quantum-Computing
- Login under Duress
- 2-Channel Expanded Password System
- Secure Brain-Machine-Interface
- Security-Destructive Passwordless Schemes
- Misused Biometrics
- Stopgap Hybrid Text Password
- Dementia and Identity
- FIDO and Expanded Password System
- Transparency and Integrity
- How We Position Our Proposition
- Competition or Opportunity
- Overcoming Head Wind

24th February, 2023
Hitoshi Kokumai, Chief Architect
Mnemonic Identity Solutions Limited

I would like to talk about some more topics related to our endeavour of building a solid and sustainable digital identity platform.

• 2. Phishing Deterrence

On Text Password Platform
- Damage limited to the one targeted account even in the worst case: no password needs to be re-used across multiple accounts where the Mnemonic Gateways password manager is deployed.

On Expanded Password Platform
- Costs inflicted on phishers of preparing the same images for each target.
- Costs of the 'cat and mouse' process in which phishers cannot have the initiative: "Detection of Phishing by Episodic Image Memory" https://www.slideshare.net/HitoshiKokumai/detection-of-phishing-by-episodic-image-memory-243182482

The title reads 'Phishing Deterrence', not 'Phishing Prevention'. Expanded Password System could make a meaningful contribution to the deterrence of phishing attacks, although it alone cannot prevent phishing.

• 3. Cryptography and Digital Identity

Protection by cryptography can't be above protection by login credential.

Consider a very typical case: a message is encrypted by a cryptographic module that can withstand the fiercest brute-force attacks for trillions of years, while the digital identity of the recipient who is to decrypt the message is protected by a password that a PC can break in a matter of hours or even minutes.

Protection by cryptography can't be above protection by the login credential, a password in most cases. The lower of the two decides the overall protection level. This observation urges us to make the secret credentials the most solid and reliable where the data to protect is classified. Here we propose making use of operators' episodic memory, which is firmly inscribed deep in their brains, for their secret credentials.

• 4. Impact of AI and Quantum Computing

https://aitechtrend.com/quantum-computing-and-password-authentication/

In its publication in autumn 2021, the USA's NSA said "We 'don't know when or even if' a quantum computer will ever be able to break today's public-key encryption".

In view of that observation, in an article "Quantum Computing and Password Authentication" I wrote: "Let us assume, however, that quantum computing has suddenly made a quantum leap and becomes able to break today's public key schemes. Would we have to despair? We do not need to panic. Bad guys, who have a quantum computer at hand, would still have to break the part of user authentication that is NOT dependent on the public-key scheme, prior to accessing the target data, in the normal environment where secret credentials, that is, remembered passwords, play a big role."

My article, published in early October 2021, became the 'most trending' at NY-based aiTech Trend in February 2022 and still retains that status. This phenomenon probably says much about how concerned artificial intelligence people are about the issue of passwords and identity assurance with respect to the uncontrolled progress of AI and quantum computing.

• 5. Login under Duress

The issue of login under duress has been taken care of since 2003. Watch this video: "High-Security Operation on PC for managers" https://www.youtube.com/watch?v=UO_1fEp2jFo

At 2 minutes 40 seconds you will see the registration page, on which you find a 'Yes or No' box for "Emergency PassSymbol". Click 'Yes' and you will be able to register an extra image as a duress code.

The bad guy who is forcing the user to log in under duress, without knowing how many images the user had registered, would have no idea whether the user selected an extra image or not, whereas the software would detect it, allow the login and guide the bad guy to a dummy data section while silently sending a real-time alarm to security personnel.

This function had been implemented a decade before Japan's Army talked to us. We did not assume that such a duress-alarm function would rarely be appreciated outside the military; rather, we anticipated that the more digital assets are piled up in the digital space, the more frequently cases of forced login under duress will happen.

• 6. 2-Channel Expanded Password System

Using physical one-time tokens is said to be more secure than using phones to receive a one-time code via Short Message Service as one of the two authentication factors. However, the use of physical tokens brings its own headache. What shall we do if we have dozens of accounts that require two-factor schemes? Carry around a bunch of dozens of physical tokens? Or re-use the same tokens across dozens of accounts? The former would be too cumbersome and too easily attract the attention of bad guys, physically creating a single point of failure, while the latter would be very convenient but brings a similar single point of failure in another way.

Well, what if random one-time numbers or characters were allocated to each image on the matrix shown on a user's second device? Recognising the registered images, the user feeds these numbers or characters into the main device. From those one-time data, the authentication server can tell which images the user is supposed to have registered as the credential. All that is needed at the user's end is just a web browser on a second device. With different sets of images for each account, a single phone can readily cope with dozens of accounts without creating a single point of failure.

This is not a hypothesis. We actually have a use case of commercial implementation.

• 7. Secure Brain-Machine-Interface

- Ask the users to focus their attention on the numbers or characters given to the registered images.
- Random numbers or characters are allocated to the images.
- Neuro signals are monitored via a separate channel.

Simple brain monitoring has a security problem: the data, if wiretapped by criminals, can be replayed for impersonation straight away. The monitored brain data should be a one-time, disposable code.

One idea is that the authentication system allocates random numbers or characters to the images shown to the user. The user focuses their attention on the numbers or characters given to the images they had registered. The monitoring system collects the brain-generated one-time signals corresponding to the registered images. Incidentally, the channel for showing the pictures is supposed to be separated from the channel for brain monitoring. Even if they intercept successfully, criminals would be unable to impersonate the user because the intercepted data was one-time and disposed of upon use.
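The mechanism running through slides 5 to 7 (an extra duress image, one-time codes allocated to the images shown on a second device, and codes that are worthless once used), as an added Python example that is not the project's own code. The server class, the 16-image matrix, the image identifiers, the 3-character code alphabet and the user "alice" are all assumptions constructed for illustration.

```python
import secrets
import string
from typing import Dict, FrozenSet, List, Optional, Sequence

# Constructed example of the two-channel, one-time-code scheme described above.
# Image identifiers are placeholders standing in for a user's own episodic-memory
# images; the code length and alphabet are assumptions of this example.
CODE_ALPHABET = string.ascii_uppercase + string.digits


class Challenge:
    """A single login challenge: a fresh, unique one-time code for every image."""

    def __init__(self, image_ids: Sequence[str], code_len: int = 3) -> None:
        self.code_for_image: Dict[str, str] = {}
        self.image_for_code: Dict[str, str] = {}
        for img in image_ids:
            code = self._fresh_code(code_len)
            self.code_for_image[img] = code
            self.image_for_code[code] = img

    def _fresh_code(self, code_len: int) -> str:
        # Draw until the code is unused in this challenge, so each code maps back
        # to exactly one image when the server reads the user's input.
        while True:
            code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(code_len))
            if code not in self.image_for_code:
                return code


class AuthServer:
    """Holds each user's image matrix, secret subset, optional duress image and
    at most one live (unconsumed) challenge."""

    def __init__(self) -> None:
        self.matrix: Dict[str, tuple] = {}
        self.registered: Dict[str, FrozenSet[str]] = {}
        self.duress: Dict[str, Optional[str]] = {}
        self.live: Dict[str, Challenge] = {}

    def register(self, user: str, matrix: Sequence[str], chosen: Sequence[str],
                 duress_image: Optional[str] = None) -> None:
        chosen_set = frozenset(chosen)
        if not chosen_set <= set(matrix) or (duress_image and duress_image not in matrix):
            raise ValueError("registered images must come from the user's matrix")
        if duress_image in chosen_set:
            raise ValueError("the duress image must be an extra image, not a registered one")
        self.matrix[user] = tuple(matrix)
        self.registered[user] = chosen_set
        self.duress[user] = duress_image

    def issue_challenge(self, user: str) -> Dict[str, str]:
        """Channel 2: the matrix with fresh codes, rendered on the second device."""
        ch = Challenge(self.matrix[user])
        self.live[user] = ch  # replaces any earlier unconsumed challenge
        return dict(ch.code_for_image)

    def verify(self, user: str, submitted_codes: Sequence[str]) -> str:
        """Channel 1: codes typed on the main device.
        Returns 'accept', 'duress', 'reject' or 'no-challenge'."""
        ch = self.live.pop(user, None)  # consumed on first use: a replay finds nothing
        if ch is None:
            return "no-challenge"
        images = set()
        for code in submitted_codes:
            img = ch.image_for_code.get(code.strip().upper())
            if img is None:
                return "reject"  # unknown or stale code
            images.add(img)
        reg = self.registered[user]
        if images == reg:
            return "accept"
        extra = self.duress[user]
        if extra is not None and images == reg | {extra}:
            # Registered images plus the duress image: let the login proceed to a
            # dummy data section and raise a silent alert to security staff.
            return "duress"
        return "reject"


def simulate_user(server: AuthServer, user: str, recognised: Sequence[str]) -> List[str]:
    """Read the codes shown beside the images the user recognises (channel 2) and
    return what the user would type on the main device (channel 1)."""
    shown = server.issue_challenge(user)
    return [shown[img] for img in recognised]


if __name__ == "__main__":
    srv = AuthServer()
    matrix = [f"img{i:02d}" for i in range(1, 17)]  # constructed 4x4 matrix
    srv.register("alice", matrix, ["img03", "img07", "img12"], duress_image="img15")
    codes = simulate_user(srv, "alice", ["img03", "img07", "img12"])
    print(srv.verify("alice", codes))  # accept
    print(srv.verify("alice", codes))  # no-challenge: the same codes replayed are worthless
```

The replay property the slides rely on is carried entirely by `verify` discarding the challenge on first use; an intercepted set of codes, whether sniffed from the main channel or read from a brain-monitoring channel, is useless afterwards. A deployment would additionally expire unconsumed challenges after a short time and rate-limit attempts per user.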
• 8. Have a Break

Published in 2005. This comic looks more relevant now than 18 years ago when it was published. Please have this 2-minute break with the comic.

• 9. Security-Destructive 'Passwordless' Schemes

Here is a one-stop reference paper on this problem: "How to not see our weak digital identity further weakened" https://www.linkedin.com/pulse/how-see-our-weak-digital-identity-further-weakened-hitoshi-kokumai/

If removing the password increased the security of digital identity, we would find such a picture at every ATM. We would also hear "Remove the army and we will have a stronger national defence".

We could accept "passwordless" authentication without losing sanity if it came with a transparent statement that it brings 'better availability' at the cost of losing security, helping people where availability and convenience, not security, matter most. The problem is that the "passwordless" promoters are adamantly alleging that passwordless schemes increase security, thus spreading a false sense of security.

The false sense of security is not only weakening the defence of democratic nations from within when we have to cope with the ever-increasing cybersecurity threats from aggressive anti-democracy regimes, but also preventing global citizens from being better prepared against the threats by making good use of the defence surface of the password and its expanded developments.

• 10. More on 'Passwordless' Authentication

Let me try a breakdown of the passwordless concept.
(1) Password-less + nothing else: the least secure
(2) Password-less + something else: more secure than (1)
(3) Password + something else: here is the point of argument

By our criteria, the security increases from (1) to (3). However, by the "passwordless" folks' criteria, the security of (2) is viewed as higher than (3), presumably because the attack surface of the password is removed in (2) whereas there is an attack surface on the password in (3).

Well, let me try the same for "token-less" login.
(1) Token-less + nothing else: the least secure
(2) Token-less + something else: more secure than (1)
(3) Token + something else: here is the point of argument

By our criteria, the security increases from (1) to (3). However, by the "passwordless" folks' criteria, the security of (2) should be viewed as higher than (3) because the attack surface of the token is removed in (2) whereas there is an attack surface on the token in (3).

Did you find it fun or very worrying?

• 11. More on 'Passwordless' Authentication

Posts on this issue are collected at "LOSS of Security Taken for GAIN of Security" https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/

The 'passwordless' promoters might have been trapped in a cognitive pitfall. From my experience of debating with them, we suspect that there are three possible scenarios:
(1) They may have taken 'what is not good and helpful enough' for 'what is bad and harmful'.
(2) They may have failed to notice that a token, whether PKI-based or otherwise, also carries the attack surface of being stolen or otherwise compromised.
(3) They may have assumed that a defence surface is a part of an attack surface in the case of the password.

We wish that the 'passwordless' folks had listened to our advice.

• 12. Misused Biometrics

30-second video (YouTube)

Surprisingly many people are promoting, selling and adopting biometrics as a tool of identity authentication without basic knowledge of the very technology. Let the graphs tell the nature of biometrics:
- By nature, whether static or behavioural, all biometric technologies are 'probabilistic', since they measure unpredictably variable body features of living animals in ever-changing environments.
- False Acceptance and False Rejection are not variables independent of each other; they are dependent on each other.
- The lower a False Acceptance Rate is, the higher the corresponding False Rejection Rate is. The lower a False Rejection Rate is, the higher the corresponding False Acceptance Rate is.
- When a False Acceptance Rate is close to zero, the corresponding False Rejection Rate is close to one. When a False Rejection Rate is close to zero, the corresponding False Acceptance Rate is close to one.
- The presence of False Rejection, however close to zero, would require a fallback means against the False Rejection unless the user can forgo availability.

• 13. More on 'Biometrics' Authentication

More discussions on this subject are collected at "Biometrics Unravelled | password-dependent password-killer" https://www.linkedin.com/pulse/biometrics-unravelled-password-dependent-hitoshi-kokumai/

This house has added a new door with biometrics with near-zero false acceptance, beside an old door with a weak password that the biometrics vendor ridiculed harshly. The client asks: "The new door looks very impressive. But why does the old door stay?" The vendor replies: "The new door rejects criminals so effectively that you might also be rejected occasionally." Shortly thereafter, a burglar is delighted to utter: "Very convenient! I can attack both of the two."

As such, biometrics used with a fallback password brings down the security that the password had provided. However powerful and influential the biometrics vendor may be, as Apple, Google and Microsoft are, they cannot change this fact.

Incidentally, there would be nothing wrong in deploying biometrics with a default/fallback password if vendors stated transparently that the benefit of biometrics used for authentication in cyberspace is 'better availability', obtained by sacrificing the security that the password on its own somehow provides. What is wrong is that they mislead the public into believing that it contributes to 'better security', thus spreading a false sense of security and thereby weakening the defence line of democratic nations from within when we have to face fierce cyberattacks from adversaries of democracy.
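The FAR/FRR trade-off of slide 12 and the two-door argument of slide 13, as an added Python example that is neither the author's nor any vendor's code. The matcher scores are constructed numbers chosen for illustration, and the fallback calculation assumes that an attacker may try either door and that the two attempts succeed independently; both are assumptions of this example.

```python
from typing import List, Sequence, Tuple

# Constructed matching scores for a hypothetical biometric matcher (higher means
# more similar to the enrolled template). Made-up numbers, not measurements
# from any real system.
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.70, 0.97, 0.83]
IMPOSTOR_SCORES = [0.20, 0.35, 0.55, 0.42, 0.61, 0.30, 0.74, 0.48, 0.25, 0.66]


def far_frr(genuine: Sequence[float], impostor: Sequence[float],
            threshold: float) -> Tuple[float, float]:
    """False Acceptance Rate and False Rejection Rate at one decision threshold.
    A presentation is accepted when its score is >= threshold."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def sweep(genuine: Sequence[float], impostor: Sequence[float],
          steps: int = 10) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) for thresholds 0, 1/steps, ..., 1."""
    rows = []
    for i in range(steps + 1):
        t = i / steps
        far, frr = far_frr(genuine, impostor, t)
        rows.append((t, far, frr))
    return rows


def is_tradeoff(rows: Sequence[Tuple[float, float, float]]) -> bool:
    """True when, as the threshold rises, FAR never increases and FRR never
    decreases: the operator cannot push both rates down at once, only trade
    one for the other."""
    for (_, far0, frr0), (_, far1, frr1) in zip(rows, rows[1:]):
        if far1 > far0 or frr1 < frr0:
            return False
    return True


def attacker_success_with_fallback(far: float, p_password: float) -> float:
    """Probability that an attacker gets in when either the biometric door or the
    fallback password door will do. Assumes independent attempts (an assumption
    of this example). The result is never below the weaker door on its own."""
    return 1.0 - (1.0 - far) * (1.0 - p_password)


if __name__ == "__main__":
    print("threshold  FAR   FRR")
    for t, far, frr in sweep(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"{t:9.1f}  {far:.2f}  {frr:.2f}")
    # Near-zero FAR on the biometric door plus a 1-in-100 password guess:
    p = attacker_success_with_fallback(0.001, 0.01)
    print(f"attacker success with fallback: {p:.5f}")
```

The sweep reproduces the slide's two extremes on the constructed data (at threshold 0 every impostor is accepted and no genuine user rejected; at threshold 1 the reverse), and `is_tradeoff` confirms the monotone relation between the two rates. The last function is the house-with-two-doors picture in arithmetic: once a fallback password is reachable, the combined acceptance probability for an attacker is at least that of the password alone, so the biometric door cannot raise the security the password was providing.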
• 14. Stopgap Hybrid Text Password

Factor 1: Password Remembered (what we know/remember)
Factor 2: Password Written Down or Physically Stored (what we have/possess)

Effect: a 'boring legacy password system' turns into a no-cost hybrid password system made of 'what we know' and 'what we have'.

The problems caused by 'hard-to-manage' passwords will be drastically mitigated when we come up with the "Mnemonic Gateways" password manager driven by Expanded Password System (EPS), and other EPS-based solutions with which the secret credentials for login can be generated and re-generated from citizens' non-volatile episodic image memory.

While we have to wait for that to happen, we are suggesting a stopgap measure of combining two kinds of passwords: one that we can easily remember and recall, and another that is truly random and complex, for electronic storage on a device. When in use, we recall and type the former and copy and paste the latter. We call it 'Hybrid Text Password'.

It is not as safe and simple as remembering the whole of it, but much safer than storing the whole of it. But would you be interested in talking about the size of a cake that we know is not edible? The hybrid password is what I myself have long been practising for high-security accounts that accept only text passwords.

• 15. Dementia and Authentication

"Your solution, Expanded Password System powered by citizens' non-volatile episodic memory, has a big drawback of being useless for the authentication of people with advanced dementia." This is what I kept hearing over 20 years, mostly from the people who promote passwordless and biometrics authentication schemes.

"When people become unable to recognise the unforgettable images of their episodic memory that they had volitionally registered as login credentials, it is probably the time that guardianship should be considered for them. While it is possible to get them 'identified', getting them 'authenticated' should be viewed as a crime in a democratic society." This is what I kept answering over the 20 years.

• 16. FIDO and Expanded Password System

The subject of FIDO frequently pops up in our digital identity discussions. We might be watching two FIDOs:
(1) Password-receptive FIDO
(2) Password-rejective FIDO

We deem that the FIDO specification on its own is (1), although some FIDO people sound as if (2) were the case. A password-repelling (passwordless) FIDO-specified product should not be recommended to people who need good security, although it might be acceptable for low-security use cases where availability and convenience matter more.

On the other hand, irrespective of how friendly or unfriendly FIDO people are towards us, we are certain that Expanded Password System powered by citizens' non-volatile episodic memory is perfectly compatible with the device-based FIDO specification for providing very solid two/multi-factor authentication solutions. Furthermore, such two/multi-factor solutions would be truly robust when post-quantum cryptography is incorporated. The same reasoning applies to other forms of device-based authentication schemes.

• 17. Transparency and Integrity

Let me talk about the moral responsibility of those of us who have awoken.

Firstly, it would not be very wise to get the defence line weakened from within when facing formidable adversaries who are known to be making every effort to destroy the values of democracy. What I mean is the lack of transparency and integrity over the "passwordless" and "biometrics" authentication schemes that quite a few security professionals and big IT players are touting, as discussed earlier. We have been trying to stay tenacious since we awoke to this consequential problem, probably as one of the first few to have awoken to it. We do not want to be among those who knowingly turn a blind eye to the ongoing erosion of democratic values due to a wrong design of digital transformation when facing the dreadful democracy-destroyers.

Secondly, once we are awake to what role the power and merits of citizens' non-volatile episodic memory can play for solid digital identity, it cannot be an option for us to be hesitant to press ahead proactively and energetically, especially in the current perilous circumstances. We would like to believe that our endeavour is viewed as worth the support of all good citizens.

• 18. How We Position Our Proposition

It is the legitimate successor to seals and autographs. More on the power of citizens' non-volatile episodic memory:

Starting with the perception that our continuous identity as human beings is made of our autobiographical memory, we are making identity authentication schemes better by leveraging the time-honoured tradition of seals and autographs. The underpinning principle of Expanded Password System shall not go away so long as people want their own volition and memory to remain involved in identity assurance.

• 19. Competition or Opportunity

- Password managers, single-sign-on services? Passwords required as the master password: opportunity.
- Two/multi-factor authentication? Passwords required as one of the factors: opportunity.
- Pattern-on-grid, emoji, conventional picture passwords? Deployable on our platform: opportunity.
- Biometrics? Passwords required as a backup means: opportunity.

What can be thought of as competition to Expanded Password System?
1. Password managers and single-sign-on services require passwords as the master password.
2. Two/multi-factor authentication requires passwords as one of the factors.
3. Pattern-on-grid, conventional picture passwords and emoji passwords can all be deployed on our platform.
4. Biometrics requires passwords as a fallback means.

As such, competition is conceivable only among the different products of the Expanded Password System family.

By the way, some people claim that a PIN can eliminate passwords, but logic dictates that it can never happen, since a PIN is no more than a weak form of numbers-only password. Neither can a passphrase, which is no more than a long password. There are also some people who talk about the likes of PKI and one-time passwords as alternatives to passwords. But that is like looking at a weak door and proposing to enhance the door panel as an alternative to enhancing the lock and key.

• 20. Exciting Scenery of Digital Identity: Overcoming Head Wind

"LOSS of Security Taken for GAIN of Security" https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/

We look tiny and sound feeble. They look massive and sound mighty. We are made of logical, fact-based, non-flammable graphene. They are made of illogical, fallacy-based, inflammable paper.

'We' means the forces who advocate the digital identity in which citizens' volition and memory play a critical role, supporting solid identity security and the values of democracy. 'They' means the forces who advocate the digital identity from which citizens' volition and memory are removed, damaging identity security and the values of democracy. Big names like GAFAM are found as part of the paper elephant, which makes them look really massive and sound extremely loud.

Whether looking tiny or massive, whether sounding feeble or mighty, it does not matter. It is fact and logic that decide the endgame. We will prevail in due course.