We are in the middle of the decades-long game of having the finalist candidates chosen for the legitimate successors not just to the decades-old character passwords but to the centuries or millennia-old seals and signatures, which will make the basic foundation for the real/cyber-fused society that may well last for more than generations or even centuries for the whole global population.
Among the most promising candidates is the Expanded Password System (EPS) which accepts images as well as characters and which generates a high-entropy password from a hard-to-forget images and texts.
Comparing Sidecar-less Service Mesh from Cilium and Istio
Death to Password? No! It is given new life
1. Death To Password?
No! It Is Given New Life
Many people shout that the password is dead or should be
killed dead. The password could be killed, however, only when
there is an alternative to the password.
Something belonging to the password (PIN, passphrase, etc)
and something dependent on the password (ID federations,
2/multi-factor, etc) cannot be the alternative to the password.
For biometrics to displace the password, it must first stop
depending on a password registered in case of false rejection.
A new life is given to the password by Expanded Password
System (EPS).
22nd April, 2015
Mnemonic Security, Inc., Japan/UK
2. 2
What is EPS? 1/3
Only texts are accepted As it were, we have no choice but
to walk up a long steep staircase
Where we want to
continue to use
textual passwords
Where we want to
reduce the burden of
textual passwords
Where we want to
make use of
episodic image memory
3UVB9KUW
【 Text Mode 】 【 Graphics Mode 】 【 Original Picture Mode 】
Recall the remembered
password
Recognize the pictures
remembered in stories
Recognize the unforgettable
pictures of episodic memories
Free choices from, as it were, among staircases, escalators and lifts/elevators
Low memory ceiling Very high memory ceilingHigh memory ceiling
+ +
3. There are several known pictures.
I can easily find all of them right away.
Only I can select all of them correctly.
Practicable even in panic when images of episodic memory are registered
Incorporating the function of generating high-entropy online passwords from
hard-to-forget images and texts.
Security of real/cyber-fused society hinges on online identity assurance
Online identity assurance hinges on shared secrets, i.e. what we remember
Video: http://www.youtube.com/watch?v=Q8kGNeIS2Lc
What is EPS? 2/3
Technical details available at http://www.slideshare.net/HitoshiKokumai/expanded-password-system
4. 4
What is EPS? 3/3
When unique matrices of images are allocated to different accounts
with the EPS, those unique matrices of images will be telling you what
images you could pick up as your passwords.
Being able to recall strong passwords is one thing. Being able to
recall the relations between accounts and the corresponding
passwords is another.
EPS frees us from the burden of managing the relations between
accounts and the corresponding passwords.
Account A Account B Account C Account D
Account E,
F, G, H, I, J,
K, L-----------
5. 5
Why EPS?
Biometric products operated in cyber space require the password
called a backup/fallback password to be registered in case of false
rejection (footnoted on the next page).
Action patterns are too difficult to replay accurately and also require the
fallback password in case of false rejection.
Multi-factor authentications require the password as one of the factors..
ID federations (single-sign-on services and password management
tools) are operated with the password called “master-password”.
PIN and passphrases belong to the password.
As such we are unable to live without the password and yet it is obvious
that the conventional character password no longer suffices.
Here enter the EPS, a password system expanded to accept images on
top of characters, which is expected to play a very significant role.
6. Password-dependent password-killer
- Widely spread nonsensical false sense of security -
Media seem busy spreading the hyped stories of “password-killing” biometric products. For biometrics to
displace the password for better security, however, it must stop depending on a fallback password
registered in case of false rejection.
Further details are available at http://www.slideshare.net/HitoshiKokumai/password-dependent-passwordkiller-46151802
FOOTNOTE
7. 7
What can EPS achieve?
EPS can be viewed as an enhanced successor to text-only password systems on
its own.
Furthermore EPS enables us to see truly powerful multi-factor authentications with
a strong unique password being used as one of the factors for all different
accounts, whether indoor or outdoor.
With EPS used for fallback passwords in case of false rejection, biometric solutions
will offer good convenience without much sacrificing the confidentiality.
We would also be able to see truly reliable decentralized ID federations with a
strong unique password being used as the master-password for each of single-
sign-on services and password management tools.
The outcome will be the most highly assured identity achieved through the most
reliable “shared secrets”, which is indispensable for the coming age of
Electronic Healthcare, Pandemic-resistant Teleworking, ICT-assisted Disaster
Prevention, Rescue & Recovery, Hands-Free Operation of Wearable Computing,
Hands-Free Payment & Empty-Handed Shopping, Humanoid Robots, Internet of
Things and, needless to say, Cyber Defence & Law Enforcement along with the
basic need of real/cyber-fused social life.
8. 8
In Conclusion
Security of the real/cyber-fused society hinges on “Assured Identity”, which
hinges on “Shared Secrets” in cyberspace. The text password has been the
shared secrets for many decades. We now need a successor to the text
password.
We are in the middle of the decades-long game of having the finalist
candidates chosen for the legitimate successors not just to the decades-old
character passwords but to the centuries or millennia-old seals and
signatures, which will make the basic foundation for the real/cyber-fused
society that may well last for more than generations or even centuries for the
whole global population.
Among the most promising candidates is the Expanded Password System
(EPS) which accepts images as well as characters and which generates a
high-entropy password from a hard-to-forget images and texts.
More information available at
http://www.slideshare.net/HitoshiKokumai/identity-assurance-
expanded-password-system