Intuitive Passwords - Passwords succeeding passwords


Upload: hitoshi-kokumai

Posted on 11-Apr-2017



Introduction

Security of a society in which the physical and cyber worlds are fused hinges on trusted identity assurance, which in turn hinges on reliable shared secrets in cyberspace. Passwords have been those shared secrets for many decades.

The password has also been a target of resentment. It is easy to break if it is easy to recall, and hard to recall if it is hard to break. Besieged by an ever-increasing number of password-requiring accounts, not a few people are calling for the password to be killed off.

The password could be killed off altogether, however, only where a valid alternative exists.

To displace passwords would not be easy

Some say “a PIN can”. That observation would only lead us to the entrance of Alice’s Wonderland. A PIN is a weak, numbers-only form of password; if it could displace the password, a puppy could displace the dog, a kitten the cat, a cub the lion.

A “passphrase” is likewise no more than a variation of the password, with its own merits and demerits. It may be longer and yet easier to remember, but that does not necessarily mean higher entropy, despite the tedium of typing it: a passphrase is generally made of known words, and an attacker who guesses word by word, or from a dictionary of familiar phrases, is not slowed down by the extra characters. It is therefore vulnerable to automated dictionary attacks.
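The entropy point can be put in numbers. The following is an added example, not code from the original paper or from Mnemonic Security; it computes the bits of guessing work for one passphrase under three attacker models. The sample phrase, the 7,776-word list size (the length of a standard Diceware list) and the hypothetical one-million-entry dictionary of well-known phrases are assumptions made here, not measurements.

```python
from math import log2


def bits_random_symbols(alphabet_size, length):
    """Guessing entropy (bits) of a secret made of `length` symbols, each drawn
    uniformly and independently from an alphabet of `alphabet_size` symbols."""
    return length * log2(alphabet_size)


def bits_from_candidates(candidate_count):
    """Guessing entropy (bits) when the attacker can simply enumerate a list of
    `candidate_count` equally likely secrets, e.g. a dictionary of known phrases."""
    return log2(candidate_count)


def attacker_views(passphrase, word_list_size, known_phrase_count):
    """Effective bits of one passphrase under three attacker models:
    - naive_character_model: brute force over letters and spaces one by one
      (26 lowercase letters + space); the optimistic figure the length suggests
    - word_list_model: the attacker knows the phrase is built from a list of
      `word_list_size` words and guesses word by word
    - known_phrase_model: the attacker knows it is a familiar phrase and tries a
      dictionary of `known_phrase_count` quotations, titles and lyrics
    """
    words = passphrase.split()
    return {
        "naive_character_model": bits_random_symbols(27, len(passphrase)),
        "word_list_model": bits_random_symbols(word_list_size, len(words)),
        "known_phrase_model": bits_from_candidates(known_phrase_count),
    }


def effective_bits(views):
    """The attacker picks the cheapest model, so the real strength is the minimum."""
    return min(views.values())


if __name__ == "__main__":
    # Constructed sample inputs; the list sizes are assumptions, not measurements.
    DICEWARE_SIZE = 7776        # length of a standard Diceware word list
    KNOWN_PHRASES = 1_000_000   # hypothetical dictionary of famous phrases

    quote = attacker_views("to be or not to be", DICEWARE_SIZE, KNOWN_PHRASES)
    print("famous phrase:", {k: round(v, 1) for k, v in quote.items()})
    print("effective bits:", round(effective_bits(quote), 1))

    # For comparison: four words actually drawn at random from the list, and an
    # 8-character password of random printable ASCII (94 symbols).
    print("4 random Diceware words:", round(bits_random_symbols(DICEWARE_SIZE, 4), 1))
    print("8 random ASCII chars:   ", round(bits_random_symbols(94, 8), 1))
```

The famous phrase looks like roughly 86 bits by character count but is worth about 20 bits against an attacker with a phrase dictionary, while four words genuinely drawn at random from the list are worth about 52 bits, the same as an 8-character random password. Length buys entropy only when the words are chosen at random rather than recalled from shared culture.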

Some people might say that multi-factor authentication, or ID federation such as password managers and single sign-on services, could do it. It is not easy, however, to see how the password could be displaced by multi-factor schemes in which one of the factors is a password, or by ID federation, which requires the most reliable password of all as the master password.

Misused biometrics

Some say “biometrics will”. That observation would lead us to another entrance to Alice’s Wonderland. Biometric solutions used in cyberspace need a password (a fallback password, registered as a recovery mechanism) in case of false rejection. If “something” that has to rely on “the other thing” could displace “the other thing”, your foot should be able to displace your leg for walking. Alice’s Wonderland might accept that, but we have great difficulty imagining what it would look like in this four-dimensional space-time universe.

Many people take it for granted that the password can be displaced by biometrics operated in cyberspace together with a fallback password. How could such a misconception arise?

Blind Spot in Our Mind: Let us imagine that we are looking at two models of smartphone: Model A with a PIN code and Model B with a PIN code and a fingerprint scanner.

Which of the two models do you think is more secure?

- when you hear that Model A is protected by a PIN code while Model B is protected by both a PIN code and fingerprints
- when you hear that Model A can be unlocked by a PIN code while Model B can be unlocked by both a PIN code and fingerprints
- when you hear that Model A can be attacked only through the PIN code while Model B can be attacked through both the PIN code and the fingerprints

Is your answer the same in all three situations?

Eye-Opening Experience: Now let us imagine two houses: (1) with one entrance and (2) with two entrances placed in parallel.

Which house is safer against burglars?

Everyone will no doubt agree that the answer is plainly (1). Nobody would claim that (2) is safer because it is protected by two entrances. Similarly, login by a PIN code alone is more secure than login by a biometric sensor backed up by a fallback PIN code (*1): the attacker may pick whichever of the two entrances is easier. That is, a smartphone equipped with biometric authentication and a fallback PIN authentication is less secure than a smartphone with PIN-only authentication.

This observation is backed by the draft Digital Identity Guidelines of the National Institute of Standards and Technology, Special Publication 800-63B (*2), whose Section 5.2.3, Use of Biometrics, requires that, because of their inherent vulnerabilities, biometrics be used together with another authentication factor, and which accepts dependence on passwords as a recovery mechanism where practicality matters, even though that means lower security because of the “larger attack surface”, to borrow NIST’s words.

[Figure: house (1) with one entrance; house (2) with two entrances in parallel]
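The two-entrances argument, and the contrast with NIST’s “biometrics with another factor”, is the difference between OR-composition and AND-composition of attack paths, and it can be checked in arithmetic. The following is an added example, not code from the original paper or from Mnemonic Security. The figures plugged in (a 4-digit PIN with 10 guesses allowed before lockout, a sensor with a 1-in-50,000 false-accept rate per attempt and 5 attempts allowed, paths assumed independent) are illustrative assumptions, not measurements of any product.

```python
from math import log2, prod


def guess_probability(space_size, attempts):
    """Chance that an attacker guessing uniformly at random hits one secret out of
    `space_size` candidates within `attempts` tries (e.g. before a lockout)."""
    return min(1.0, attempts / space_size)


def p_any_path(path_probs):
    """Parallel ('OR') composition: the attacker wins if ANY path succeeds.
    This is the house with two entrances, or a phone that opens to EITHER the
    biometric sensor OR the fallback PIN. Each added path can only raise the total."""
    return 1.0 - prod(1.0 - p for p in path_probs)


def p_all_paths(path_probs):
    """Serial ('AND') composition: the attacker must defeat EVERY factor.
    This is biometrics used as one factor of a multi-factor login. Each added
    factor can only lower the total."""
    return prod(path_probs)


def bits_of_work(p):
    """Express an attacker success probability as equivalent bits of guessing work."""
    return -log2(p)


def compare_designs(pin_p, bio_p):
    """Attacker success probability for the three designs discussed in the text."""
    return {
        "pin_only": pin_p,
        "bio_or_pin": p_any_path([bio_p, pin_p]),    # biometric with fallback PIN
        "bio_and_pin": p_all_paths([bio_p, pin_p]),  # biometric as a second factor
    }


if __name__ == "__main__":
    # Constructed, assumed figures (see lead-in); not measurements of any product.
    pin_p = guess_probability(10_000, 10)   # 4-digit PIN, 10 tries: 1e-3
    bio_p = guess_probability(50_000, 5)    # 1-in-50,000 FAR, 5 tries: 1e-4
    for design, p in compare_designs(pin_p, bio_p).items():
        print(f"{design:12s} p(attacker wins) = {p:.2e}  ({bits_of_work(p):.1f} bits)")
```

Whatever numbers are plugged in, the OR line is never below the PIN-only line and the AND line is never above it; that is the house argument in arithmetic. The comparison assumes the fallback PIN is the same PIN under the same lockout policy as the PIN-only phone; a design that adds a sensor and also tightens the PIN policy is a different comparison.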


Remark: Due respect should be paid to the value of biometric solutions as an effective identification tool in physical security, such as forensics and border control. Biometrics is a good tool for identifying an individual, although it is wrong to use it for identity authentication.

What about a password-less life?

Some might say “not using any password at all is the way to kill the password dead”. Yes, the password could then be killed off entirely, but it would be criminals rather than us who benefited from such a password-free cyberspace.

In a world where we live without passwords to recall, i.e., where our identity is established without our volitional participation, we would be able to sleep safely only when alone in a firmly locked room (*3). It would be a Utopia for criminals but a Dystopia for the rest of us.

However disliked, passwords as shared secrets are absolutely indispensable.

Intuitive passwords

In view of the situation described above, intuitive password propositions are attracting attention as an alternative to the unmanageable old passwords.

Well, how intuitive, secure and practicable are they?

Group 1 - Intuitive but insecure: With this group of solutions, authentication is completed when we have picked out the mugshots of friends that had been registered as the shared secrets.

Comment: Using friends’ mugshots IMPLICITLY is good, but using friends’ mugshots EXPLICITLY is not: anyone who knows who your friends are can pick them out too. It would only please criminals.

Group 2 - Not as intuitive as it appears: With this group of solutions, authentication is completed when you have picked out the mugshots of people that you had memorised as the shared secrets.

Comment: Using faces as one kind of object is not bad, but using ONLY faces is no good. Remembering people’s faces is generally easier than remembering other static objects, but not so much when those people are strangers to us. Actual trials show how easy it is to get lost or confused.

The same applies to the dozens of simple pictorial, graphic or emoji passwords proposed here and there, now and then.


Group 3 - Either insecure or impracticable: Patterns-on-grid belongs to this group; authentication is completed when we have reproduced the pattern that we had registered on a grid.

Comment: Easy-to-remember patterns such as L, N, V, X, Z and their variants are known to criminals, while actual trials of hard-to-crack complicated patterns show that we get lost or confused very easily.
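To put a ceiling on the “insecure” side of this group, here is an added example, not from the original paper, that enumerates the entire space of patterns on a 3x3 grid. The rules are the usual Android-style ones and are an assumption of this example: 4 to 9 distinct dots, and a stroke may pass over another dot only if that dot was already visited. The letter shapes the text mentions are a handful of the patterns counted here.

```python
from math import log2

GRID = 3              # 3x3 grid, dots numbered 0..8 row by row
DOTS = GRID * GRID


def _dot_between(a, b):
    """Return the dot lying on the straight line between dots a and b, if any.
    Only pairs two apart in a row, column or diagonal have one; knight-style
    moves such as 0 -> 5 pass between dots, not over one."""
    ra, ca = divmod(a, GRID)
    rb, cb = divmod(b, GRID)
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None
    return ((ra + rb) // 2) * GRID + (ca + cb) // 2


def is_valid_pattern(pattern):
    """Assumed rules: at least 4 distinct dots, no dot reused, and a stroke may
    pass over another dot only if that dot was already visited."""
    if len(pattern) < 4 or len(set(pattern)) != len(pattern):
        return False
    if any(not 0 <= d < DOTS for d in pattern):
        return False
    visited = set()
    for prev, cur in zip(pattern, pattern[1:]):
        visited.add(prev)
        mid = _dot_between(prev, cur)
        if mid is not None and mid not in visited:
            return False
    return True


def count_patterns(min_len=4, max_len=DOTS):
    """Count every valid pattern, grouped by length, with a depth-first search."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}
    visited = [False] * DOTS

    def extend(path):
        if len(path) >= min_len:
            counts[len(path)] += 1
        if len(path) == max_len:
            return
        last = path[-1]
        for nxt in range(DOTS):
            if visited[nxt]:
                continue
            mid = _dot_between(last, nxt)
            if mid is not None and not visited[mid]:
                continue          # would jump over an unvisited dot
            visited[nxt] = True
            path.append(nxt)
            extend(path)
            path.pop()
            visited[nxt] = False

    for start in range(DOTS):
        visited[start] = True
        extend([start])
        visited[start] = False
    return counts


def pattern_space_bits(counts):
    """Entropy of the whole space if every valid pattern were equally likely."""
    return log2(sum(counts.values()))


if __name__ == "__main__":
    counts = count_patterns()
    for n, c in counts.items():
        print(f"length {n}: {c:7d} patterns")
    print(f"total {sum(counts.values())} patterns, "
          f"{pattern_space_bits(counts):.1f} bits at best")
    print("L shape [0, 3, 6, 7, 8] valid:", is_valid_pattern([0, 3, 6, 7, 8]))
```

Even if every one of the 389,112 valid patterns were equally likely, the space is under 19 bits, about that of a 6-digit PIN; the simple letter shapes people actually choose are a tiny fraction of it, which is why a short list of known shapes is enough for an attacker.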

Then what else?

We are proposing the “Expanded Password System” (*4), which is designed to be both intuitive and secure at the same time by making the best use of our long-term memories, the episodic or autobiographical memories, and by careful design for confidentiality. The approaches quoted above can all be deployed on the same platform as extra variations if we so wish.

We can remember and recall only about 5 text passwords on average, not because of silliness or laziness but because of the cognitive phenomenon called “interference of memory”.

Memories of numbers and letters, which carry very little information, are subject to severe interference of memory, which causes terrible confusion in what we remember, whereas memories of images and pictures, particularly episodic or autobiographical memories, which carry a great deal of information together with emotional feeling, are not.

This indicates that we can easily manage passwords well beyond 5 or 10 when we make good use of episodic image memories. They could thus make the optimal alternative to textual passwords, provided that we make sure confidentiality is not lost.

Most humans are thousands of times better at dealing with image memories than text memories; the former have a history of hundreds of millions of years while the latter are still very new to us. What merit is there in confining ourselves to the narrow corridor of text memories when CPUs are fast enough, bandwidth broad enough, memory storage cheap enough, and cameras are built into mobile devices?

The Expanded Password System includes textual as well as non-textual passwords. Users can keep their textual passwords as before while expanding their password memory to include non-textual passwords, without being impeded by the cognitive effect of “interference of memory”. It is extremely difficult to imagine users who would suffer disadvantage or inconvenience by taking up the Expanded Password System.

Being able to recall strong passwords is one thing; being able to recall which password belongs to which account is another. When a unique matrix of images is allocated to each account with the Expanded Password System, that unique matrix tells you which images you could pick as your password for that account. The Expanded Password System thus frees us from the burden of managing the relation between accounts and their passwords.

Further Development – BCI, Blockchain & Quantum computing

BCI: We have been pondering the theme of brain-computer interface for our Expanded Password System for many years. We can already rely on:

- clicking and tapping on the images, randomly positioned
- typing the characters randomly allocated to the images

We will easily be able to rely on:

- eye-tracking of the images, randomly positioned
- voice recognition of the characters randomly allocated to the images
- voiceless-voice recognition of the same

and:

- tapping secret signals on a pad when hearing the sounds that the user had registered (for blind people)
- tapping signals when feeling the tactile sensation that the user had registered (for people who are both blind and deaf)

All of the above can be achieved with off-the-shelf technologies. The next task is an interface for people who cannot rely on any of the above. Here enters the possibility of BCI/BMI.

Simple brain monitoring of the user’s eye-tracking has a security problem: the data, if eavesdropped by criminals, can be replayed for impersonation straight away. The data should therefore be randomized so that it is disposable and usable only once.

Our idea is that the authentication system allocates random characters to the images. The user focuses attention on the characters shown on the registered images. The monitoring system collects the brain-generated one-time signal that responds to those characters. If the signal is intercepted, criminals will be unable to impersonate the user because the captured data is one-time and disposable. We are looking for BCI/BMI researchers who may be interested in establishing whether this idea is feasible in the real world.
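The one-time mapping described here, and the “typing the characters randomly allocated to images” input method listed earlier, are the same challenge-response exchange, and it can be shown with both sides’ messages. The following is an added example and not Mnemonic Security’s implementation; the image names, the 36-symbol alphabet, the plaintext in-memory storage of the user’s registered images, and the fixed order in which the user reads them off are assumptions made here.

```python
import hmac
import secrets
import string

SYMBOLS = string.ascii_uppercase + string.digits   # 36 symbols, assumed alphabet


def make_challenge(matrix_images, rng=secrets):
    """Server: allocate a fresh random symbol to every image on this account's
    matrix. A new mapping is produced for every login, so any answer is usable
    exactly once. `rng` only needs a .choice() method (secrets or random.Random)."""
    return {image: rng.choice(SYMBOLS) for image in matrix_images}


def user_response(challenge, secret_images):
    """Client: the user reads off, in registered order, the symbol that this
    challenge has put on each of their secret images, and types those symbols."""
    return "".join(challenge[image] for image in secret_images)


def verify(challenge, response, secret_images):
    """Server: recompute the expected answer for THIS challenge from the stored
    secret and compare in constant time."""
    expected = user_response(challenge, secret_images)
    return hmac.compare_digest(expected.encode(), response.encode())


def replay_success_probability(secret_count, symbol_count=len(SYMBOLS)):
    """Chance that a response captured from an old challenge happens to be the
    right answer for a fresh one: the fresh mapping must put the same symbol on
    every one of the secret images."""
    return symbol_count ** -secret_count


def login_round(matrix_images, secret_images, attacker_replay=None, rng=secrets):
    """Run one login round with a fresh challenge. Returns a pair of booleans:
    (genuine user's answer accepted, attacker's replayed answer accepted)."""
    challenge = make_challenge(matrix_images, rng)
    genuine = verify(challenge, user_response(challenge, secret_images), secret_images)
    replayed = (attacker_replay is not None
                and verify(challenge, attacker_replay, secret_images))
    return genuine, replayed


if __name__ == "__main__":
    # Constructed sample data: a 12-image matrix for one account and the four
    # images the user registered, in order (the shared secret).
    matrix = [f"img{i:02d}" for i in range(12)]
    secret = ["img03", "img07", "img00", "img10"]

    first = make_challenge(matrix)
    captured = user_response(first, secret)        # what an eavesdropper might see
    print("session 1 typed:", captured, "accepted:", verify(first, captured, secret))

    genuine, replayed = login_round(matrix, secret, attacker_replay=captured)
    print("session 2 genuine accepted:", genuine, "replay accepted:", replayed)
    print("replay success chance per try:", replay_success_probability(len(secret)))
```

The replayed answer is rejected in the second session except with probability 36^-4, about one in 1.7 million, when the fresh mapping happens to repeat the symbols on all four secret images. The protection is against replay of a captured response on its own: an eavesdropper who captures the challenge as well can read off which images produced the typed symbols, so the challenge must travel over a protected channel, and the stored list of secret images must be guarded like any password database.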

Blockchain: Also on the agenda is a design of the Expanded Password System deployed on a blockchain or similar platform for single sign-on and online password management services. This concept has in fact been with us for 13 years: it was in 2003 that we first talked about the possibility of online authentication on a PKI-based peer-to-peer platform.

Quantum computing: The protection afforded by encryption cannot be better than the identity verification of the people who handle the encrypted data, and the protection afforded by identity verification cannot be better than the encryption that protects the identity verification process.

The arrival of quantum computing could be a very serious threat not only to encryption itself but also to identity assurance. We are keen to get in touch with people working on technologies related to quantum-resistant encryption.

In Conclusion

Users of biometric products are advised that, if you are security-conscious, you should turn off the biometrics when a password login is provided as a fallback. Password-only authentication is more secure. You could keep the biometrics, with the fallback password activated, only where you are content with “below password-only” security in exchange for convenience.

Instead you could look to the intuitive password solution offered by our Expanded Password System. Using images of beloved people, pets and familiar objects could help you feel comfortable, relaxed and healed.

The torturous logins we have had to suffer for many decades will be history. And this bonus comes on top of the better balance of security and convenience made possible by the Expanded Password System (*5).

Hitoshi Kokumai, President, Mnemonic Security, Inc.

- Hitoshi Kokumai is the inventor of the Expanded Password System, which enables people to make use of episodic image memories for intuitive and secure identity authentication. He has been raising the issue of the wrong usage of biometrics with passwords, and the false sense of security it brings, for 15 years.

- Mnemonic Security Inc. was founded in 2001 by Hitoshi Kokumai to promote the Expanded Password System. “Mnemonic” and “Mneme” in the company name and logo imply that our identity must be protected by our own memory. Following pilot-scale operations in Japan, it is currently searching for a location for its global headquarters.

<Reference>

*1 Video: Apple vs FBI over Backdoor (2m40s) - https://youtu.be/5e2oHZccMe4

*2 Draft: NIST Special Publication 800-63B Digital Identity Guidelines - https://pages.nist.gov/800-63-3/sp800-63b.html

*3 Picture: Little Girl Finds Security Flaw in iPhone 5S Fingerprint Scanner - http://mashable.com/2013/09/11/girl-fingerprint-scanner/

*4 Slide: Expanded Password System (10 pages) - https://www.slideshare.net/HitoshiKokumai/password-fatigue-and-expanded-password-system?qid=2c528aa5-bd4c-4ac9-a64b-029562962b78&v=&b=&from_search=2

*5 Whitepaper: Identity Assurance & Expanded Password System - https://www.linkedin.com/pulse/identity-assurance-expanded-password-system-v4-