SlideShare a Scribd company logo
1 of 8
Download to read offline
Death To Password?
No! It Is Given New Life
Many people shout that the password is dead or should be
killed dead. The password could be killed, however, only when
there is an alternative to the password.
Something belonging to the password (PIN, passphrase, etc)
and something dependent on the password (ID federations,
2/multi-factor, etc) cannot be the alternative to the password.
For biometrics to displace the password, it must first stop
depending on a password registered in case of false rejection.
A new life is given to the password by Expanded Password
System (EPS).
22nd April, 2015
Mnemonic Security, Inc., Japan/UK
2
What is EPS? 1/3
Only texts are accepted As it were, we have no choice but
to walk up a long steep staircase
  
Where we want to
continue to use
textual passwords
Where we want to
reduce the burden of
textual passwords
Where we want to
make use of
episodic image memory
3UVB9KUW
【 Text Mode 】 【 Graphics Mode 】 【 Original Picture Mode 】
Recall the remembered
password
Recognize the pictures
remembered in stories
Recognize the unforgettable
pictures of episodic memories
Free choices from, as it were, among staircases, escalators and lifts/elevators
Low memory ceiling Very high memory ceilingHigh memory ceiling
+ +
There are several known pictures.
I can easily find all of them right away.
Only I can select all of them correctly.
Practicable even in panic when images of episodic memory are registered
Incorporating the function of generating high-entropy online passwords from
hard-to-forget images and texts.
Security of real/cyber-fused society hinges on online identity assurance
Online identity assurance hinges on shared secrets, i.e. what we remember
Video: http://www.youtube.com/watch?v=Q8kGNeIS2Lc
What is EPS? 2/3
Technical details available at http://www.slideshare.net/HitoshiKokumai/expanded-password-system
4
What is EPS? 3/3
When unique matrices of images are allocated to different accounts
with the EPS, those unique matrices of images will be telling you what
images you could pick up as your passwords.
Being able to recall strong passwords is one thing. Being able to
recall the relations between accounts and the corresponding
passwords is another.
EPS frees us from the burden of managing the relations between
accounts and the corresponding passwords.
Account A Account B Account C Account D
Account E,
F, G, H, I, J,
K, L-----------
5
Why EPS?
Biometric products operated in cyber space require the password
called a backup/fallback password to be registered in case of false
rejection (footnoted on the next page).
Action patterns are too difficult to replay accurately and also require the
fallback password in case of false rejection.
Multi-factor authentications require the password as one of the factors..
ID federations (single-sign-on services and password management
tools) are operated with the password called “master-password”.
PIN and passphrases belong to the password.
As such we are unable to live without the password and yet it is obvious
that the conventional character password no longer suffices.
Here enter the EPS, a password system expanded to accept images on
top of characters, which is expected to play a very significant role.  
Password-dependent password-killer
- Widely spread nonsensical false sense of security -
Media seem busy spreading the hyped stories of “password-killing” biometric products. For biometrics to
displace the password for better security, however, it must stop depending on a fallback password
registered in case of false rejection.
Further details are available at http://www.slideshare.net/HitoshiKokumai/password-dependent-passwordkiller-46151802
FOOTNOTE
7
What can EPS achieve?
EPS can be viewed as an enhanced successor to text-only password systems on
its own.
Furthermore EPS enables us to see truly powerful multi-factor authentications with
a strong unique password being used as one of the factors for all different
accounts, whether indoor or outdoor.
With EPS used for fallback passwords in case of false rejection, biometric solutions
will offer good convenience without much sacrificing the confidentiality.
We would also be able to see truly reliable decentralized ID federations with a
strong unique password being used as the master-password for each of single-
sign-on services and password management tools.
The outcome will be the most highly assured identity achieved through the most
reliable “shared secrets”, which is indispensable for the coming age of
Electronic Healthcare, Pandemic-resistant Teleworking, ICT-assisted Disaster
Prevention, Rescue & Recovery, Hands-Free Operation of Wearable Computing,
Hands-Free Payment & Empty-Handed Shopping, Humanoid Robots, Internet of
Things and, needless to say, Cyber Defence & Law Enforcement along with the
basic need of real/cyber-fused social life.
8
In Conclusion
Security of the real/cyber-fused society hinges on “Assured Identity”, which
hinges on “Shared Secrets” in cyberspace. The text password has been the
shared secrets for many decades. We now need a successor to the text
password.
We are in the middle of the decades-long game of having the finalist
candidates chosen for the legitimate successors not just to the decades-old
character passwords but to the centuries or millennia-old seals and
signatures, which will make the basic foundation for the real/cyber-fused
society that may well last for more than generations or even centuries for the
whole global population.
Among the most promising candidates is the Expanded Password System
(EPS) which accepts images as well as characters and which generates a
high-entropy password from a hard-to-forget images and texts.
More information available at
http://www.slideshare.net/HitoshiKokumai/identity-assurance-
expanded-password-system

More Related Content

Viewers also liked

MODERNIZING YOUR WORKPLACE WITH OFFICE 365
MODERNIZING YOUR WORKPLACE WITH OFFICE 365MODERNIZING YOUR WORKPLACE WITH OFFICE 365
MODERNIZING YOUR WORKPLACE WITH OFFICE 365Tarek El Jammal
 
Internet of Things: How Finance Should Embrace the Coming Flood to Drive Top-...
Internet of Things: How Finance Should Embrace the Coming Flood to Drive Top-...Internet of Things: How Finance Should Embrace the Coming Flood to Drive Top-...
Internet of Things: How Finance Should Embrace the Coming Flood to Drive Top-...Gotransverse
 
Reflexões sobre o terceiro ciclo dirigidas para alunos de doutoramento
Reflexões sobre o terceiro ciclo dirigidas para alunos de doutoramentoReflexões sobre o terceiro ciclo dirigidas para alunos de doutoramento
Reflexões sobre o terceiro ciclo dirigidas para alunos de doutoramentoLuis Borges Gouveia
 
Présentation EasyShair
Présentation EasyShairPrésentation EasyShair
Présentation EasyShairSalmane Tazi
 
Superstitious and Deluded Beliefs
Superstitious and Deluded BeliefsSuperstitious and Deluded Beliefs
Superstitious and Deluded BeliefsOH TEIK BIN
 
El Verbo powerpoint
El Verbo powerpointEl Verbo powerpoint
El Verbo powerpointHernan Vlt
 

Viewers also liked (8)

CV Team / Resume template
CV Team / Resume templateCV Team / Resume template
CV Team / Resume template
 
MODERNIZING YOUR WORKPLACE WITH OFFICE 365
MODERNIZING YOUR WORKPLACE WITH OFFICE 365MODERNIZING YOUR WORKPLACE WITH OFFICE 365
MODERNIZING YOUR WORKPLACE WITH OFFICE 365
 
Internet of Things: How Finance Should Embrace the Coming Flood to Drive Top-...
Internet of Things: How Finance Should Embrace the Coming Flood to Drive Top-...Internet of Things: How Finance Should Embrace the Coming Flood to Drive Top-...
Internet of Things: How Finance Should Embrace the Coming Flood to Drive Top-...
 
Reflexões sobre o terceiro ciclo dirigidas para alunos de doutoramento
Reflexões sobre o terceiro ciclo dirigidas para alunos de doutoramentoReflexões sobre o terceiro ciclo dirigidas para alunos de doutoramento
Reflexões sobre o terceiro ciclo dirigidas para alunos de doutoramento
 
Présentation EasyShair
Présentation EasyShairPrésentation EasyShair
Présentation EasyShair
 
Superstitious and Deluded Beliefs
Superstitious and Deluded BeliefsSuperstitious and Deluded Beliefs
Superstitious and Deluded Beliefs
 
El Verbo powerpoint
El Verbo powerpointEl Verbo powerpoint
El Verbo powerpoint
 
Lumi
LumiLumi
Lumi
 

More from Hitoshi Kokumai

Image-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxImage-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxHitoshi Kokumai
 
More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)Hitoshi Kokumai
 
Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Hitoshi Kokumai
 
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022Hitoshi Kokumai
 
Fend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic MemoryFend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic MemoryHitoshi Kokumai
 
Bring healthy second life to legacy password system
Bring healthy second life to legacy password systemBring healthy second life to legacy password system
Bring healthy second life to legacy password systemHitoshi Kokumai
 
Intriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneIntriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneHitoshi Kokumai
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsHitoshi Kokumai
 
Updated: Presentation with Scripts at CIW2018
Updated:  Presentation with Scripts at CIW2018Updated:  Presentation with Scripts at CIW2018
Updated: Presentation with Scripts at CIW2018Hitoshi Kokumai
 
Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Hitoshi Kokumai
 
Updated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and MemoryUpdated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and MemoryHitoshi Kokumai
 
Deployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BDeployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BHitoshi Kokumai
 
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...Hitoshi Kokumai
 
Help unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHelp unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHitoshi Kokumai
 
Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password SystemHitoshi Kokumai
 
Expanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity AssuranceExpanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity AssuranceHitoshi Kokumai
 

More from Hitoshi Kokumai (16)

Image-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxImage-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptx
 
More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)
 
Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)
 
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
 
Fend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic MemoryFend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic Memory
 
Bring healthy second life to legacy password system
Bring healthy second life to legacy password systemBring healthy second life to legacy password system
Bring healthy second life to legacy password system
 
Intriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneIntriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to One
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password Systems
 
Updated: Presentation with Scripts at CIW2018
Updated:  Presentation with Scripts at CIW2018Updated:  Presentation with Scripts at CIW2018
Updated: Presentation with Scripts at CIW2018
 
Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018
 
Updated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and MemoryUpdated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and Memory
 
Deployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BDeployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63B
 
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
 
Help unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHelp unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guideline
 
Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password System
 
Expanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity AssuranceExpanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity Assurance
 

Recently uploaded

Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 

Recently uploaded (20)

Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 

Death to Password? No! It is given new life

  • 1. Death To Password? No! It Is Given New Life Many people shout that the password is dead or should be killed dead. The password could be killed, however, only when there is an alternative to the password. Something belonging to the password (PIN, passphrase, etc) and something dependent on the password (ID federations, 2/multi-factor, etc) cannot be the alternative to the password. For biometrics to displace the password, it must first stop depending on a password registered in case of false rejection. A new life is given to the password by Expanded Password System (EPS). 22nd April, 2015 Mnemonic Security, Inc., Japan/UK
  • 2. 2 What is EPS? 1/3 Only texts are accepted As it were, we have no choice but to walk up a long steep staircase    Where we want to continue to use textual passwords Where we want to reduce the burden of textual passwords Where we want to make use of episodic image memory 3UVB9KUW 【 Text Mode 】 【 Graphics Mode 】 【 Original Picture Mode 】 Recall the remembered password Recognize the pictures remembered in stories Recognize the unforgettable pictures of episodic memories Free choices from, as it were, among staircases, escalators and lifts/elevators Low memory ceiling Very high memory ceilingHigh memory ceiling + +
  • 3. There are several known pictures. I can easily find all of them right away. Only I can select all of them correctly. Practicable even in panic when images of episodic memory are registered Incorporating the function of generating high-entropy online passwords from hard-to-forget images and texts. Security of real/cyber-fused society hinges on online identity assurance Online identity assurance hinges on shared secrets, i.e. what we remember Video: http://www.youtube.com/watch?v=Q8kGNeIS2Lc What is EPS? 2/3 Technical details available at http://www.slideshare.net/HitoshiKokumai/expanded-password-system
  • 4. 4 What is EPS? 3/3 When unique matrices of images are allocated to different accounts with the EPS, those unique matrices of images will be telling you what images you could pick up as your passwords. Being able to recall strong passwords is one thing. Being able to recall the relations between accounts and the corresponding passwords is another. EPS frees us from the burden of managing the relations between accounts and the corresponding passwords. Account A Account B Account C Account D Account E, F, G, H, I, J, K, L-----------
  • 5. 5 Why EPS? Biometric products operated in cyber space require the password called a backup/fallback password to be registered in case of false rejection (footnoted on the next page). Action patterns are too difficult to replay accurately and also require the fallback password in case of false rejection. Multi-factor authentications require the password as one of the factors.. ID federations (single-sign-on services and password management tools) are operated with the password called “master-password”. PIN and passphrases belong to the password. As such we are unable to live without the password and yet it is obvious that the conventional character password no longer suffices. Here enter the EPS, a password system expanded to accept images on top of characters, which is expected to play a very significant role.  
  • 6. Password-dependent password-killer - Widely spread nonsensical false sense of security - Media seem busy spreading the hyped stories of “password-killing” biometric products. For biometrics to displace the password for better security, however, it must stop depending on a fallback password registered in case of false rejection. Further details are available at http://www.slideshare.net/HitoshiKokumai/password-dependent-passwordkiller-46151802 FOOTNOTE
  • 7. 7 What can EPS achieve? EPS can be viewed as an enhanced successor to text-only password systems on its own. Furthermore EPS enables us to see truly powerful multi-factor authentications with a strong unique password being used as one of the factors for all different accounts, whether indoor or outdoor. With EPS used for fallback passwords in case of false rejection, biometric solutions will offer good convenience without much sacrificing the confidentiality. We would also be able to see truly reliable decentralized ID federations with a strong unique password being used as the master-password for each of single- sign-on services and password management tools. The outcome will be the most highly assured identity achieved through the most reliable “shared secrets”, which is indispensable for the coming age of Electronic Healthcare, Pandemic-resistant Teleworking, ICT-assisted Disaster Prevention, Rescue & Recovery, Hands-Free Operation of Wearable Computing, Hands-Free Payment & Empty-Handed Shopping, Humanoid Robots, Internet of Things and, needless to say, Cyber Defence & Law Enforcement along with the basic need of real/cyber-fused social life.
  • 8. 8 In Conclusion Security of the real/cyber-fused society hinges on “Assured Identity”, which hinges on “Shared Secrets” in cyberspace. The text password has been the shared secrets for many decades. We now need a successor to the text password. We are in the middle of the decades-long game of having the finalist candidates chosen for the legitimate successors not just to the decades-old character passwords but to the centuries or millennia-old seals and signatures, which will make the basic foundation for the real/cyber-fused society that may well last for more than generations or even centuries for the whole global population. Among the most promising candidates is the Expanded Password System (EPS) which accepts images as well as characters and which generates a high-entropy password from a hard-to-forget images and texts. More information available at http://www.slideshare.net/HitoshiKokumai/identity-assurance- expanded-password-system