Slide 1
Bring Healthy Second Life to
Legacy Password System
Identity Assurance by Our Own Volition and Memory
Mnemonic Identity Solutions Limited
United Kingdom/Japan
15 August, 2021
Slide 2
Problem - Password Predicament
Secret credentials are indispensable for identity assurance,
whereas passwords are hard to manage.
Passwords are said to be too vulnerable to theft and too hard to manage.
Many people sound as if the password were an enemy of the people.
Some people even allege that removal of the password would improve the security of
digital identity.
Let us examine how valid such views are.
By the way, the word ‘Password’ is interpreted in two ways in different contexts.
In some cases, it narrowly means the conventional ‘text password’.
In other cases, it broadly means the whole family of ‘secret credentials’.
I use the latter interpretation here, that is, the whole family of secret credentials.
Slide 3
What if Password is Removed?
Our Answer –
Password-less Security is to Cyber Security what Army-less
Defence is to National Defence
Or such a PIN-less ATM as
“The army is so vulnerable to air attack. What is vulnerable to attack is detrimental to
our defence. Therefore, we must remove the army so that we will have a stronger
national defence.”
Hearing me say the above, you might well think I am making a bad joke, since this
proposition sounds too insane. I am, however, dead serious.
Army-less defence has to be viewed as valid by anyone who believes in the merit of
‘password-less authentication’, alleging “The password is so vulnerable to theft. What
is vulnerable is detrimental.
Therefore, we need to remove the password so that we will have a stronger identity
security.”
Well, in many of the password-removed authentication schemes, biometrics is
supposed to play a big role.
Let us examine next whether and how it can displace the password.
Slide 4
What if Password is Displaced by Biometrics?
Our Answer –
Biometrics is to Password what Back Door is to Front Door
Most, if not all, user devices come with a password or PIN code authentication as the default login
function. Most, if not all, user devices that come with a biometric login accept the login by
biometrics as well as the login by the default password. Let me try to make the relation between
biometrics and the ‘default password’ clearer with the picture of a house with a front door of a
deterministic password login, to which a back door of probabilistic biometric login was added as
another entrance.
Residents are required to use the seemingly convenient back door as the first choice for entry, until
they get falsely rejected there by the probabilistic biometrics. The residents rejected at the back door
are then required to try the front door of the deterministic password login. The correct residents with
correct memory are expected to be accepted deterministically.
If the one-door house was not secure enough in the first place, the two-door house is made even
less secure. Bad guys, who are now given the chance to break the back door as well as the front door,
enjoy an increased attack surface, i.e., a lowered defence. We have thus confirmed that the
view that biometrics contributes to identity security is false.
Incidentally, ‘being probabilistic’ means that it cannot escape the trade-off between False
Acceptance (false positive/false match) and False Rejection (false negative/false non-match) and
therefore cannot be used on its own without sacrificing availability, whereas ‘being
deterministic’ means that it can be used on its own.
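The two-door argument and the FAR/FRR trade-off can be put into numbers. The following is an added example, not code from the slides or from the EPS product: a toy biometric with constructed matching scores shows how moving the threshold lowers one error rate while raising the other, and the composition functions show what happens to the false-accept and false-reject probabilities when the biometric door is added beside the password door (either opens) versus in front of it (both must open, the 2-factor deployment mentioned on slide 11). All rates, scores and function names are assumptions of this example.

```python
"""Added example (not from the slides): how the two 'doors' of slide 4 compose.
All rates are constructed numbers. A biometric is probabilistic: at a given
threshold it has a false-accept rate (FAR) and a false-reject rate (FRR), and
moving the threshold lowers one while raising the other."""

# Constructed matching scores from a toy biometric: higher means 'more like
# the enrolled user'. Genuine attempts come from the real user, impostor
# attempts from someone else.
GENUINE_SCORES = [0.95, 0.92, 0.88, 0.80, 0.75, 0.70, 0.60, 0.55]
IMPOSTOR_SCORES = [0.65, 0.58, 0.50, 0.45, 0.40, 0.30, 0.20, 0.10]


def far_frr_at(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """FAR: impostors scoring at or above the threshold are let in.
    FRR: genuine users scoring below it are turned away."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def tradeoff_table(thresholds):
    """(threshold, FAR, FRR) for each threshold, to see the trade-off."""
    return [(t, *far_frr_at(t)) for t in thresholds]


def parallel_false_accept(far_bio, p_pw):
    """Biometric as an alternative entrance (slide 4's back door): an attacker
    gets in if EITHER door opens, so the chance is 1 - (1-FAR)(1-p_pw), never
    lower than the weaker door alone."""
    return 1.0 - (1.0 - far_bio) * (1.0 - p_pw)


def parallel_false_reject(frr_bio, p_forget):
    """The legitimate user is locked out only if BOTH doors reject."""
    return frr_bio * p_forget


def serial_false_accept(far_bio, p_pw):
    """Biometric as a second factor (both doors must open): an attacker must
    pass both, so the chance is the product."""
    return far_bio * p_pw


def serial_false_reject(frr_bio, p_forget):
    """But the legitimate user is locked out if EITHER factor rejects."""
    return 1.0 - (1.0 - frr_bio) * (1.0 - p_forget)


def attack_surface_grew(far_bio, p_pw):
    """True when adding the biometric door in parallel raised the false-accept
    probability above the password-only door (it does whenever FAR > 0)."""
    return parallel_false_accept(far_bio, p_pw) > p_pw


if __name__ == "__main__":
    for t, far, frr in tradeoff_table([0.5, 0.6, 0.7]):
        print(f"threshold {t:.2f}: FAR {far:.3f}  FRR {frr:.3f}")
    far, p_pw, frr, p_forget = 0.001, 1e-6, 0.05, 0.02  # constructed rates
    print("parallel: false accept", parallel_false_accept(far, p_pw),
          "false reject", parallel_false_reject(frr, p_forget))
    print("serial:   false accept", serial_false_accept(far, p_pw),
          "false reject", serial_false_reject(frr, p_forget))
```

The parallel and serial pairs are mirror images: the deployment that makes the attacker's job easier makes the legitimate user's job easier too, and vice versa, which is the trade-off the slide describes between security and availability.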
Slide 5
‘Non-Text’ Secret Credential
Now we have come to confirm that removing the password would only make the matter
worse. Can we only despair?
The secret credential (A) is made of the text credential (B) and the non-text credential
(Non-B). The relations among the three elements are illustrated here.
It is really a no-brainer question unless we are so reckless as to assume that a safe and
orderly societal life can exist without a solid identity assurance made possible by a
solid secret credential.
Slide 6
Solution
Well, we propose that we can make use of our autobiographic memory, especially
episodic memory that is coloured in joyful, healing and heartening emotion from our
pleasant experience.
The identity authentication by pleasant episodic image memory also enables us to
(1) recognise dozens of different secret credentials effortlessly
(2) manage the correspondence between the accounts and the passwords
(3) re-generate cryptographic keys on-the-fly
(4) provide a solid defence against advanced persistent threats
Slide 7
Theory - Science of Human Memory
With emotion-coloured episodic image memory,
‘Hard-to-Forget’ secret credentials are easily achievable
‘Easy-to-Remember’ is one thing. ‘Hard-to-Forget’ is another. The observation that
images are easy to remember has been known for many decades; it is not what we
wish to talk about.
What we discuss is that ‘images of our emotion-coloured episodic memory’ are ‘Hard to
Forget’ to the extent that they are ‘Panic-Proof’.
Images of toys, dolls, dogs and cats, for example, that our children used to love for
years would jump into our eye even when we are placed under heavy pressure and caught
in severe panic. They never fail to bring us joy and comfort.
The login can now be joyful, healing and heartening with the Expanded Password System
(EPS), which enables us to use our pleasant episodic image memory that was
acquired decades ago and solidly inscribed deep in our brain.
Slide 8
Wide choice of secret credentials
We are free to continue to use the remembered passwords as before, although the
memory ceiling is very low.
Most of us can manage only up to several of them.
We could opt to recognise pictures remembered in stories where we want to reduce
the burden of textual passwords.
The memory ceiling is high, that is, we would be able to manage more and more of
them.
Where we opt to make use of episodic image memory, we would only need to recognise
the known and hard-to-forget images.
There is virtually no memory ceiling, that is, we would be able to manage as many
passwords as we like, without any extra effort.
Slide 9
Being able to recall strong passwords is one thing. Being able to recall the
correspondence between accounts and passwords is another.
When different sets of images are allocated to different accounts, those unique image
matrices will be telling you which images you should pick up as your credential for this
or that account.
When using hard-to-forget images of our episodic memories, EPS will free us from the
burden of managing the relation between accounts and the corresponding passwords.
Slide 10
Bring a healthy second life to
legacy password systems
We do not have to replace or rebuild the existing text password systems for making use
of episodic memory; images of our episodic memory can be turned into a high-entropy
code with a simple tweak.
All that we need to do is ensure that our legacy password system accepts very long
passwords, desirably hundreds of characters, for obtaining very high-entropy hashed
values that can stand fierce brute force attacks.
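Slides 9 and 10 together describe a pipeline: a per-account image matrix, an ordered choice of the user's own images from it, and a long code that the existing password back end hashes as if it were a typed password. The following is an added example of that pipeline, not code from the slides or from the EPS product. The account names, image identifiers, matrices, function names and the choice of PBKDF2 as the legacy hash are assumptions of this example.

```python
"""Added example, not code from the slides or from the EPS product: how an
ordered choice of images from a per-account image matrix becomes one long
secret that an unmodified legacy password back end can salt and hash.
Account names, image identifiers and the matrices are constructed."""
import hashlib
import hmac
import math
import os

# Constructed per-account matrices. Each cell carries a stable identifier for
# the image it shows; the user's own images are mixed with decoys and the
# cells are laid out differently for each account, so the matrix itself tells
# the user which images to pick for this account (the point of slide 9).
MATRICES = {
    "shop.example": ["summer-beach-2009-red-kite", "grandma-kitchen-cat",
                     "cafe-with-the-red-door", "decoy-umbrella", "decoy-bicycle",
                     "rex-the-puppy-first-day", "decoy-lighthouse",
                     "my-first-car-blue-mini", "decoy-violin"],
    "bank.example": ["decoy-violin", "rex-the-puppy-first-day", "decoy-bridge",
                     "my-first-car-blue-mini", "summer-beach-2009-red-kite",
                     "decoy-tractor", "school-play-paper-dragon",
                     "decoy-umbrella", "cafe-with-the-red-door"],
}


def credential_from_images(matrix, chosen_ids):
    """Build the long secret: the chosen identifiers, in the order picked,
    joined with a separator. Every id must be present in the matrix."""
    missing = [i for i in chosen_ids if i not in matrix]
    if missing:
        raise ValueError(f"not in this account's matrix: {missing}")
    return "|".join(chosen_ids)


def selection_entropy_bits(matrix_size, picks, ordered=True):
    """Guessing space of the selection, which bounds the entropy of the
    resulting secret however long the identifier string is: ordered picks
    without repetition give n!/(n-k)! possibilities, unordered give C(n, k)."""
    space = math.perm(matrix_size, picks) if ordered else math.comb(matrix_size, picks)
    return math.log2(space)


def legacy_accepts_whole(credential, max_bytes):
    """The 'simple tweak' of slide 10: the legacy system must accept the whole
    secret. A back end that truncates (bcrypt stops at 72 bytes) would hash
    only a prefix, silently discarding part of the selection."""
    return len(credential.encode("utf-8")) <= max_bytes


def hash_credential(credential, salt=None, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256 as a stand-in for whatever slow hash the
    legacy system already uses; it consumes the full input, so long secrets
    are hashed whole."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", credential.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_credential(credential, salt, digest, iterations=600_000):
    """Recompute and compare in constant time against the stored digest."""
    _, candidate = hash_credential(credential, salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    picks = ["summer-beach-2009-red-kite", "rex-the-puppy-first-day",
             "my-first-car-blue-mini", "cafe-with-the-red-door"]
    matrix = MATRICES["shop.example"]
    secret = credential_from_images(matrix, picks)
    print(f"{len(secret)} bytes, "
          f"{selection_entropy_bits(len(matrix), len(picks)):.1f} bits of selection entropy")
    print("fits a 72-byte limit:", legacy_accepts_whole(secret, 72))
    salt, digest = hash_credential(secret)
    print("verifies:", verify_credential(secret, salt, digest))
```

Two things the code makes visible. First, with four picks from a nine-cell matrix the secret is 96 bytes long but carries only about 11.6 bits of selection entropy: the brute-force resistance of the hashed value is set by the matrix size and the number of picks, not by the byte length, so a deployment aiming at the high entropy the slide targets needs large matrices or many picks. Second, accepting long input is the precondition for keeping whatever entropy the selection has: a back end that cuts the input at 72 bytes would hash the first three identifiers and ignore the fourth.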
Slide 11
Use Cases
Consumers – 140,000 online shoppers enjoyed friction-
less login from 2004 to 2008
Corporations - 1,200 people enjoying secure login by 2-
channel authentication since 2014
Military – ‘Panic-proof’ field use at Japan’s Ground Self-
Defense Force (Army)
Now I would like to talk about who adopted EPS for what.
A telecom company that built a payment system designed for a million online shoppers
adopted EPS for accepting ‘Hard-to-Forget’ and yet ‘Hard-to-Break’ credentials and
for reducing the helpdesk cost drastically. Actually, 140,000 online shoppers enjoyed the
no-friction login for 5 years.
An IT corporation that built a security-conscious corporate network adopted EPS
deployed in a 2-channel/2-factor scheme for accepting ‘Very Hard-to-Break’ and yet
‘Hard-to-Forget’ credentials. 1,200 employees have long enjoyed the good balance of
security and usability.
Japan’s Ground Self-Defense Force, aka the Army, adopted our solution for accepting
‘Panic-Proof’ and yet ‘Hard-to-Break’ credentials. The number of licenses has
increased more than 10-fold over the 8-year period from 2013 and is set to increase
further.
Slide 12
Mission
Make Expanded Password System solutions readily available to
all the global citizens –
rich and poor, young and old, healthy and disabled, literate and
illiterate, in peace and in disaster –
over many generations until humans discover something other
than 'digital identity' for our safe and orderly societal life.
Our mission is to make -----
Slide 13
Another Mission
For global citizens to enjoy a safer identity assurance,
we need to debunk wide-spread misperceptions such as
“indispensable passwords be removed altogether”
and
“passwords be displaced by password-dependent biometrics”
We have another big mission ---
Slide 14
Who We Are
Mnemonic Identity Solution Limited was
founded in UK in August 2020 by Hitoshi
Kokumai (left), who invented Expanded
Password System in 2000 in Japan.
Now launching the global operations from UK.
More information at https://www.mnemonicidentitysolutions.com/
With the core concept invented in early 2000, we launched the business operation in
late 2001 under the name of Mnemonic Security, Inc., which was the world’s first
company to provide software products that offer ‘Hard-to-Forget’, ‘Hard-to-Break’
and ‘Panic-Proof’ digital identity authentication.
We registered Mnemonic Identity Solutions Limited in the UK in August 2020 as the global
headquarters with the mission of globally promoting ‘identity assurance by our own
volition and memory’ for ‘secure digital identity in post-pandemic cyberspace’.
Once the Covid pandemic subsides in the UK and Japan, we will resume the active pursuit
of the global objective.
Thank you for your time.

More Related Content

Similar to Bring healthy second life to legacy password system

Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Hitoshi Kokumai
 
Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Hitoshi Kokumai
 
Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password SystemHitoshi Kokumai
 
Expanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity AssuranceExpanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity AssuranceHitoshi Kokumai
 
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...Hitoshi Kokumai
 
More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)Hitoshi Kokumai
 
Sept 2014 cloud security presentation
Sept 2014   cloud security presentationSept 2014   cloud security presentation
Sept 2014 cloud security presentationJoan Dembowski
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewSTO STRATEGY
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy   a point of viewWhy is password protection a fallacy   a point of view
Why is password protection a fallacy a point of viewYury Chemerkin
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authenticationHai Nguyen
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authenticationHai Nguyen
 
Yours Advance Security Hood (Yash)
Yours Advance Security Hood (Yash)Yours Advance Security Hood (Yash)
Yours Advance Security Hood (Yash)IOSR Journals
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile SecurityLookout
 
Watch Out For That Bus! (Personal Disaster Recovery Planning) - BSidesDC 2018
Watch Out For That Bus! (Personal Disaster Recovery Planning) - BSidesDC 2018Watch Out For That Bus! (Personal Disaster Recovery Planning) - BSidesDC 2018
Watch Out For That Bus! (Personal Disaster Recovery Planning) - BSidesDC 2018David Minch
 
Internet Safety.pptx
Internet Safety.pptxInternet Safety.pptx
Internet Safety.pptxAljunMisa
 
Passwords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterPasswords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterIT-oLogy
 
CIS14: Identifying Things (and Things Identifying Us)
CIS14: Identifying Things (and Things Identifying Us)CIS14: Identifying Things (and Things Identifying Us)
CIS14: Identifying Things (and Things Identifying Us)CloudIDSummit
 
An Expert Panel on Safe Credentials
An Expert Panel on Safe CredentialsAn Expert Panel on Safe Credentials
An Expert Panel on Safe CredentialsEvernym
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsHitoshi Kokumai
 

Similar to Bring healthy second life to legacy password system (20)

Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)
 
Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018
 
issue15
issue15issue15
issue15
 
Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password System
 
Expanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity AssuranceExpanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity Assurance
 
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
 
More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)
 
Sept 2014 cloud security presentation
Sept 2014   cloud security presentationSept 2014   cloud security presentation
Sept 2014 cloud security presentation
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy   a point of viewWhy is password protection a fallacy   a point of view
Why is password protection a fallacy a point of view
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authentication
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authentication
 
Yours Advance Security Hood (Yash)
Yours Advance Security Hood (Yash)Yours Advance Security Hood (Yash)
Yours Advance Security Hood (Yash)
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security
 
Watch Out For That Bus! (Personal Disaster Recovery Planning) - BSidesDC 2018
Watch Out For That Bus! (Personal Disaster Recovery Planning) - BSidesDC 2018Watch Out For That Bus! (Personal Disaster Recovery Planning) - BSidesDC 2018
Watch Out For That Bus! (Personal Disaster Recovery Planning) - BSidesDC 2018
 
Internet Safety.pptx
Internet Safety.pptxInternet Safety.pptx
Internet Safety.pptx
 
Passwords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterPasswords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim Salter
 
CIS14: Identifying Things (and Things Identifying Us)
CIS14: Identifying Things (and Things Identifying Us)CIS14: Identifying Things (and Things Identifying Us)
CIS14: Identifying Things (and Things Identifying Us)
 
An Expert Panel on Safe Credentials
An Expert Panel on Safe CredentialsAn Expert Panel on Safe Credentials
An Expert Panel on Safe Credentials
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password Systems
 

Recently uploaded

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 

Recently uploaded (20)

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 

Bring healthy second life to legacy password system

  • 1. スライド 1 Bring Healthy Second Life to Legacy Password System Identity Assurance by Our Own Volition and Memory Mnemonic Identity Solutions Limited United Kingdom/Japan 15 August, 2021
  • 2. スライド 2 Problem - Password Predicament Secret credentials are indispensable for identity assurance, whereas passwords are hard to manage. Passwords are said to be too vulnerable to theft and too hard to manage. Many people sound as if the password were an enemy of people. Some people even allege that removal of the password would improve the security of digital identity. Let us examine how valid such views are. By the way, the word ‘Password’ is interpreted in two ways in different contexts. In some cases, it narrowly means conventional ‘text password’. In other cases, it broadly means the whole family of ‘secret credential’. I talk the latter interpretation here, say, the whole family of secret credentials.
  • 3. スライド 3 What if Password is Removed? Our Answer – Password-less Security is to Cyber Security what Army-less Defence is to National Defence Or such a PIN-less ATM as “The army is so vulnerable to air attack. What is vulnerable to attack is detrimental to our defence. Therefore, we must remove the army so that we will have a stronger national defence.” Hearing me mention the above, you might well think I am making a bad joke, since this proposition sounds too insane. I am, however, dead serious. The army-less defence should be viewed as valid where people believe in the merit of ‘password-less authentication, alleging “The password is so vulnerable to theft. What is vulnerable is detrimental. Therefore, we need to remove the password so that we will have a stronger identity security.” Well, in many of the password-removed authentication schemes, biometrics is supposed to play a big role. Let us examine next whether and how it can displace the password.
  • 4. スライド 4 What if Password is Displaced by Biometrics? Our Answer– Biometrics is to Password what Back Door is to Front Door Most, if not all, of the user devices come with a password or pincode authentication as a default login function. Most, if not all, of the user devices that come with a biometrics login accept the login by biometric as well as the login by a default password. Let me try to make the relation of the biometrics and the ‘default password’ clearer with the picture of a house with a front door of a deterministic password login, to which a back door of probabilistic biometrics login was added as another entrance. Residents are required to use the seemingly-convenient back door as the first choice for entry, until they get falsely rejected there by the probabilistic biometrics. The residents rejected at the backdoor would be required to try the front door of a deterministic password login. The correct residents with correct memory are expected to be accepted deterministically. If the one-door house was not secure enough in the first place, the two-doored house is made even less secure. Bad guys, who are now given the chance to break the back door as well as the front door, can enjoy an increased attack surface., i.e., lowered defense. Now, we have thus confirmed that the view that biometrics contributes to identity security is falsity. Incidentally, what ‘being probabilistic’ means is that it cannot escape the trade-off between False Acceptance (false positive/false match) and False Rejection (false negative/false non-match) and therefore it cannot be used on its own without sacrificing the availability, whereas ‘being deterministic’ means that it can be used on its own.
  • 5. スライド 5 ’Non-Text’ Secret Credential Now we have come to confirm that removing the password would only make the matter worse. Can we only despair? The secret credential (A) is made of the text credential (B) and the non-text credential (Non-B). The relations among the 3 elements are illustrated here. It is really a no-brainer question unless we are so reckless to assume that a safe and orderly societal life can exist without a solid identity assurance made possible by the solid secret credential.
Slide 6

Solution

Well, we propose that we can make use of our autobiographic memory, especially episodic memory that is coloured in joyful, healing and heartening emotion from our pleasant experience.

The identity authentication by pleasant episodic image memory also enables us to
(1) recognise dozens of different secret credentials effortlessly
(2) manage the correspondence between the accounts and the passwords
(3) re-generate cryptographic keys on-the-fly
(4) provide a solid defence against advanced persistent threats
Slide 7

Theory - Science of Human Memory

With emotion-coloured episodic image memory, ‘Hard-to-Forget’ secret credentials are easily achievable.

‘Easy-to-Remember’ is one thing. ‘Hard-to-Forget’ is another. The observation that images are easy to remember has been known for many decades; it is not what we wish to talk about. What we discuss is that ‘images of our emotion-coloured episodic memory’ are ‘Hard to Forget’ to the extent that they are ‘Panic-Proof’.

Images of toys, dolls, dogs and cats, for example, that our children used to love for years would jump into our eye even when we are placed under heavy pressure and caught in severe panic. They never fail to bring us joy and comfort.

The login can now be joyful, healing and heartening with Expanded Password System (EPS), which enables us to use our pleasant episodic image memory that was acquired decades ago and solidly inscribed deep in our brain.
Slide 8

Wide choice of secret credentials

We are free to continue to use the remembered passwords as before, although the memory ceiling is very low. Most of us can manage only up to several of them.

We could opt to recognise the pictures remembered in stories where we want to reduce the burden of textual passwords. The memory ceiling is high, that is, we would be able to manage more and more of them.

Where we opt to make use of episodic image memory, we would only need to recognise the known and hard-to-forget images. There is virtually no memory ceiling, that is, we would be able to manage as many passwords as we like, without any extra effort.
Slide 9

Being able to recall strong passwords is one thing. Being able to recall the correspondence between accounts and passwords is another.

When different sets of images are allocated to different accounts, those unique image matrices will be telling you which images you should pick as your credential for this or that account. When using hard-to-forget images of our episodic memories, EPS will free us from the burden of managing the relation between accounts and the corresponding passwords.
Slide 10

Bring a healthy second life to legacy password systems

We do not have to replace or rebuild the existing text password systems to make use of episodic memory; images of our episodic memory can be turned into a high-entropy code with a simple tweak. All that we need to do is ensure that our legacy password system accepts very long passwords, desirably hundreds of characters, for obtaining very high-entropy hashed values that can stand fierce brute force attacks.
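The tweak described on slides 9 and 10, as an added illustration that is not the company's own code: a per-account image matrix (constructed ids), the images the user picks concatenated into a 320-character code, and the legacy side storing that code as a salted PBKDF2 hash. The 6x6 grid, five ordered picks and the PBKDF2 round count are assumptions; the entropy function makes the practitioner's check explicit, namely that brute-force resistance is bounded by the number of possible selections, not by the code's character length.

```python
import hashlib
import hmac
import math
import secrets
from typing import List, Tuple

GRID = 36            # assumption: a 6x6 matrix of images per login screen
PICKS = 5            # assumption: user recognises and picks 5 images, in order
PBKDF2_ROUNDS = 600_000


def account_matrix(account: str) -> List[str]:
    """Constructed stand-in for a per-account image matrix (slide 9): each cell
    is a stable, opaque image id. A real deployment shows the user's own photos;
    only the ids of the cells actually picked ever leave the client."""
    return [f"img:{account}:{i:02d}" for i in range(GRID)]


def derive_code(account: str, picks: List[int]) -> str:
    """Turn the picked images into the long text a legacy password field receives.
    Each id is expanded to its SHA-256 hex digest, so the 'password' is
    PICKS * 64 = 320 characters: long, but no more random than the picks."""
    if len(set(picks)) != PICKS or not all(0 <= p < GRID for p in picks):
        raise ValueError(f"need {PICKS} distinct picks inside the {GRID}-cell matrix")
    matrix = account_matrix(account)
    return "".join(hashlib.sha256(matrix[p].encode()).hexdigest() for p in picks)


def selection_entropy_bits(grid: int = GRID, picks: int = PICKS, ordered: bool = True) -> float:
    """Work for an attacker who knows the scheme: the number of possible
    selections (ordered or unordered), not the 320-character string length."""
    space = math.perm(grid, picks) if ordered else math.comb(grid, picks)
    return math.log2(space)


def enroll(code: str, rounds: int = PBKDF2_ROUNDS) -> Tuple[bytes, bytes]:
    """Legacy-side storage: salted, slow PBKDF2-HMAC-SHA256 of the long code."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", code.encode(), salt, rounds)


def verify(stored: Tuple[bytes, bytes], code: str, rounds: int = PBKDF2_ROUNDS) -> bool:
    salt, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", code.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


if __name__ == "__main__":
    record = enroll(derive_code("shop", [3, 17, 8, 29, 0]))
    print(verify(record, derive_code("shop", [3, 17, 8, 29, 0])))   # True
    print(verify(record, derive_code("shop", [17, 3, 8, 29, 0])))   # False: order matters
    print(f"ordered picks: {selection_entropy_bits():.1f} bits")   # about 25.4 bits
```

With these assumed parameters the 320-character code carries only about 25 bits of selection entropy, so the grid size and pick count, together with the slow hash, are what decide how long a brute-force attempt on the stored hash takes.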
Slide 11

Use Cases

Consumers – 140,000 online shoppers enjoyed friction-less login from 2004 to 2008
Corporations – 1,200 people enjoying secure login by 2-channel authentication since 2014
Military – ‘Panic-proof’ field use at Japan’s Ground Self-Defense Force (Army)

Now I would like to talk about who adopted EPS for what.

A telecom company that built a payment system designed for a million online shoppers adopted EPS for accepting ‘Hard-to-Forget’ and yet ‘Hard-to-Break’ credentials and for reducing the helpdesk cost drastically. Actually, 140,000 online shoppers enjoyed the friction-less login for 5 years.

An IT corporation that built a security-conscious corporate network adopted EPS deployed in a 2-channel/2-factor scheme for accepting ‘Very Hard-to-Break’ and yet ‘Hard-to-Forget’ credentials. 1,200 employees have long enjoyed the good balance of security and usability.

Japan’s Ground Self-Defence Force, aka Army, adopted our solution for accepting ‘Panic-Proof’ and yet ‘Hard-to-Break’ credentials. The number of licences has increased more than 10-fold over the 8-year period from 2013 and is set to increase further.
Slide 12

Mission

Make Expanded Password System solutions readily available to all the global citizens – rich and poor, young and old, healthy and disabled, literate and illiterate, in peace and in disaster – over many generations until humans discover something other than 'digital identity' for our safe and orderly societal life.

Our mission is to make -----
Slide 13

Another Mission

For global citizens to enjoy a safer identity assurance, we need to debunk wide-spread misperceptions such as “indispensable passwords be removed altogether” and “passwords be displaced by password-dependent biometrics”.

We have another big mission ---
Slide 14

Who We Are

Mnemonic Identity Solutions Limited was founded in the UK in August 2020 by Hitoshi Kokumai (left), who invented Expanded Password System in 2000 in Japan. Now launching the global operations from the UK.

More information at https://www.mnemonicidentitysolutions.com/

With the core concept invented in early 2000, we launched the business operation in late 2001 under the name of Mnemonic Security, Inc., which was the world’s first company to provide software products that offer ‘Hard-to-Forget’, ‘Hard-to-Break’ and ‘Panic-Proof’ digital identity authentication.

We registered Mnemonic Identity Solutions Limited in the UK in August 2020 as the global headquarters with the mission of globally promoting ‘identity assurance by our own volition and memory’ for ‘secure digital identity in post-pandemic cyberspace’. Once the Covid pandemic subsides in the UK and Japan, we will resume the active pursuit of the global objective.

Thank you for your time.