Hitoshi Kokumai

3 years ago · 3 min. reading time · ~10 ·

Blogging
>
Hitoshi blog
>
Leak-resistant Secret Credentials

Leak-resistant Secret Credentials

“Expanded Password System

wane = Only I can select all of
BS] them correctly

Broader choices with both images and characters accepted

i

 

 

 

 

Easy to manage relenons between accounts and corresponding passwords.

&

Torturous login is history. Login is now comfortable, relaxing and healing

BO
250
08

Today's topic is “Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials”  https://www.theregister.com/2021/09/22/microsoft_exchange_autodiscover_protocol_found/

It appears to be next to impossible for any talented servicers to locate all the critical vulnerabilities before someone else, bad guys in many cases, locate them. Then we should better assume that our own credentials could leak at any time. 

One of the valid solutions against it would be to use the passwords whose hashed entropy is so big as to stand the brute force attacks by supercomputers.  It is not what humans can easily do, however, meaning that we need a powerful tool to achieve it like the stones and clubs for our ancestors.

Our proposition of ‘image-to-code conversion’ might well make a sizeable contribution as discussed here “New Slide - Healthy Second Life of Legacy Password Systems” https://www.linkedin.com/posts/hitoshikokumai_bring-a-healthy-second-life-to-legacy-password-activity-6837948929376681984-xKjH

Well, were you considering that killing the password could be a solution? 

What does not exist will indeed not leak, but we will end up seeing our future killed; Where our identity is established without our will/volition confirmed, democracy is fatally eroded. Practically we would no longer have a restful sleep unless staying alone in a closed space locked from within or fenced by faithful bodyguards.

Incidentally, the security effect of removing the password is discussed here – “Remove the army and we will have a stronger national defense” 

Relation of Accounts & Passwords

   

* Unique matrices of images allocated to different accounts.

+ Ata glance you will immediately realize what images you should pick
up as your passwords for this or that account.
wane = Only I can select all of
BS] them correctly

Broader choices with both images and characters accepted

i









Easy to manage relenons between accounts and corresponding passwords.

&

Torturous login is history. Login is now comfortable, relaxing and healing

BO
250
08">

Key References 


 Bring a healthy second life to legacy password systems

For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)

What We Know for Certain about Authentication Factors

Digital Identity for Global Citizens

Image-to-Code Conversion by Expanded Password System

Summary and Brief History - Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Account Recovery with Expanded Password System

Ifonlytextand fare OK [SUV BIOKUW

to memonze
text/number passwords

{Text Mode)
Recall the remembered
password

J 2

co-o0o

<veco N=

Ox ma

XxXBFr mow

<ozo>a

NAzZZIoaw
+

Low memory ceiling

to lighten the load of

text passwords

 

{Graphics Mode)
Recognize the pictures
remembered mn stones

 

High memory ceiling

 

[RE RET RSI

to make use of
memorized images

{Ongimal Picture Mode)

Recognize the unforgettable
pictures of episodic memories

sRBO yr
L@ S00

afson
fa

 

 

Very high memory cuiding

— Think ofall those adders you have to climb in Donkey Kong 1+)




Memories

Episodic Memory">

Additional References


Removal of Passwords and Its Security Effect

Step-by-Step Analysis of Why and How Biometrics Brings Down Security

Negative Security Effect of Biometrics Deployed in Cyberspace

External Body Features Viewed as ‘What We Are’

 History, Current Status and Future Scenarios of Expanded Password System

Availability-First Approach

Update: Questions and Answers - Expanded Password System and Related Issues 

Secret Credenti

 
   
 

Memories

Episodic Memory


* Unique matrices of images allocated to different accounts.

+ Ata glance you will immediately realize what images you should pick
up as your passwords for this or that account.">


 

 < Videos on YouTube>

Slide: Outline of Expanded Password System (3minutes 2seconds)

Digital Identity for Global Citizens (10minutes - narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space - "below-one" factor authentication

bnErN.png
Comments

Articles from Hitoshi Kokumai

View blog
3 years ago · 2 min. reading time

“Expanded Password System is no bad, but we do not need it. · We can rely on password managers that ...

3 years ago · 2 min. reading time

I got interested in this article -on the password problem · “Tech Q&A” · https://www.unionleader.c ...

3 years ago · 2 min. reading time

Another topic for today is “Passwordless made simple with user empowerment” · https://www.securitym ...

You may be interested in these jobs


  • GitLab United Kingdom

    Job Title: Senior Fullstack Engineer (Ruby/Vue.js), AST: Secret Detection · GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. · Our mission is to enable everyone to contribute to an ...


  • beBeePsychiatrist Warwickshire

    Job Title: Experienced Psychiatric Professional in Adult Care · \Description: · \Pulse Mental Health is dedicated to providing top-tier mental health professionals to support individuals on their journey to well-being. We specialize in matching talented individuals with rewarding ...