Hitoshi Kokumai

1 year ago · 3 min. reading time · ~10 ·

Leak-resistant Secret Credentials

[Slide: Expanded Password System. Only I can select all of them correctly. Broader choices with both images and characters accepted. Easy to manage relations between accounts and corresponding passwords. Torturous login is history. Login is now comfortable, relaxing and healing.]


Today's topic is “Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials”  https://www.theregister.com/2021/09/22/microsoft_exchange_autodiscover_protocol_found/

It appears to be next to impossible for even talented service providers to locate all the critical vulnerabilities before someone else, bad guys in many cases, locates them. We had therefore better assume that our own credentials could leak at any time.

One valid countermeasure would be to use passwords whose entropy is so large that their hashes withstand brute-force attacks even by supercomputers. That is not something humans can easily do, however, which means we need a powerful tool to achieve it, as stones and clubs were for our ancestors.

Our proposition of ‘image-to-code conversion’ might well make a sizeable contribution as discussed here “New Slide - Healthy Second Life of Legacy Password Systems” https://www.linkedin.com/posts/hitoshikokumai_bring-a-healthy-second-life-to-legacy-password-activity-6837948929376681984-xKjH

Well, were you considering that killing the password could be a solution? 

What does not exist will indeed not leak, but we would end up seeing our future killed: where our identity is established without our will/volition being confirmed, democracy is fatally eroded. In practice, we would no longer be able to sleep restfully unless we stayed alone in a closed space locked from within or protected by faithful bodyguards.

Incidentally, the security effect of removing the password is discussed here – “Remove the army and we will have a stronger national defense” 

[Slide: Relation of Accounts & Passwords]

* Unique matrices of images allocated to different accounts.
* At a glance you will immediately realize what images you should pick up as your passwords for this or that account.

Key References 

 Bring a healthy second life to legacy password systems

For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)

What We Know for Certain about Authentication Factors

Digital Identity for Global Citizens

Image-to-Code Conversion by Expanded Password System

Summary and Brief History - Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Account Recovery with Expanded Password System

[Slide, text recovered from image]

* Text Mode: to memorize text/number passwords. Recall the remembered. Low memory ceiling.
* Graphics Mode: to lighten the load of text passwords. Recognize the pictures remembered in stories. High memory ceiling.
* Original Picture Mode: to make use of memorized images. Recognize the unforgettable pictures of episodic memories. Very high memory ceiling.

Think of all those ladders you have to climb in Donkey Kong :-)

Additional References

Removal of Passwords and Its Security Effect

Step-by-Step Analysis of Why and How Biometrics Brings Down Security

Negative Security Effect of Biometrics Deployed in Cyberspace

External Body Features Viewed as ‘What We Are’

 History, Current Status and Future Scenarios of Expanded Password System

Availability-First Approach

Update: Questions and Answers - Expanded Password System and Related Issues 


 < Videos on YouTube>

Slide: Outline of Expanded Password System (3minutes 2seconds)

Digital Identity for Global Citizens (10minutes - narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space - "below-one" factor authentication
