How to Strengthen Password Security Using Brain Memory

Passwords are indispensable in this modern world.

Some companies are creating hype to kill passwords for good. They recommend that customers go passwordless. They are toying with the idea of "always logged in" and referring to it as "passwordless."

  • In simple words, some companies are pushing you to keep your authentication credentials saved on your devices. If your devices are stolen and the screen lock passwords are removed, all your "passwordless" online accounts are in the hands of the device thieves.
  • That is how your authentication credentials of multiple online accounts, which are saved on your mobile device, say for your cryptocurrency exchange or wallets, are vulnerable to being stolen/lost with your mobile device.

Today, I share with you a simple yet very robust technique to safeguard multiple accounts without paying a single penny for any software, such as a password manager, or for any paid cloud security services, which are prone to more hacking attacks.



Why are password managers prone to hacking?

  • A password is a text string that is set with a username to authenticate the person who logs in to a computer or server. The more complex and lengthier the password text string, the stronger the password is.

Password managers are software that can provide you with facilities to create many complex passwords for multiple accounts. All generated passwords are protected by a single password called the master password.

There are both offline and online password managers. The online password managers provide server-based services to manage multiple passwords with a master password. The offline password managers are software installable on users' computers for creating and managing passwords.

Whatever its form, the security of a password manager depends solely on the master password, which makes the master password a single point of failure.

  • If hackers can steal the master password, all the users' authentication credentials are in the hacker's hands. Thus, the users will lose access to all of their cyber accounts.

Therefore, password managers can NOT provide you with the security you need.



Know how traditional password security systems function

Before starting with the security solution, let us understand in simple words how a password security system works on a computer or a server. I share a screenshot from one of my tutorial presentations on everyday cybersecurity.

Graphics 01: Screenshot of my slide "What is a Password?".

Thus, in simple words, we learn about a computational operation called the "hash" function, which is applied to the entered password. The computer system permits access if the "hash" of the entered password matches the stored "hash" of the user-created password.

Otherwise, it rejects access.



How to safeguard passwords using your brain memory

  • Nobody can deny that the memory of our brains is the safest place to store secret credentials. The brain memory is primarily used to store all our secret and private information.

It is widely known that password managers come as a solution to help us not overtax the brain to store very long and complex passwords. But the single master password can be a single point of failure and serve as an easy security hole for hackers.

  • Our solution to this problem is not complex. Just follow the steps described below and improve the security of your passwords in a significant way.



Use brain memory to store a part of the password

The steps are pretty simple. Anybody can do it. No expertise in computing is necessary. Even your granny or grandpa can do it.

I add "salt" texts (second part) to a complex password (first part) to strengthen password security. I like to call it quasi-two-factor authentication (quasi-2FA) or static two-factor authentication (static-2FA).

Graphics 02: Screenshot of my slide "Taking help of brain memory is the safest."

The resulting "hash" of the composite password (1st part + 2nd part "salt") will differ from the "hash" of the very long and complex password (1st part).

Thus, we can create simple "salt" text strings, memorize them, and recall them from brain memory when authenticating the account with the composite password.
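The hash check described under "Know how traditional password security systems function" and the composite password described here, as an added example that is not part of the original article. It assumes the service hashes passwords with PBKDF2 and its own random per-user salt (the article only says "hash"); that server-side salt is a different thing from the memorized "salt" text, and all names and sample values are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample values, for illustration only.
STORED_PART = "vT9#qL2m!Rz8wKp4"   # 1st part: long string kept in a password manager
MEMORIZED_PART = "blueheron"        # 2nd part: what the article calls the "salt"

# Assumption: PBKDF2-HMAC-SHA256 stands in for whatever scheme the service uses.
PBKDF2_ROUNDS = 100_000


def enroll(password: str) -> dict:
    """What the service stores at sign-up: a random per-user salt and a slow hash."""
    server_salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), server_salt, PBKDF2_ROUNDS)
    return {"salt": server_salt, "hash": digest, "rounds": PBKDF2_ROUNDS}


def verify(record: dict, attempt: str) -> bool:
    """Login check: hash the attempt the same way and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], record["rounds"])
    return hmac.compare_digest(digest, record["hash"])


def manager_leak_outcome() -> dict:
    """Enroll with the composite password, then try what a leaked vault would contain."""
    record = enroll(STORED_PART + MEMORIZED_PART)
    return {
        "composite": verify(record, STORED_PART + MEMORIZED_PART),
        "stored_part_only": verify(record, STORED_PART),
        "memorized_part_only": verify(record, MEMORIZED_PART),
        "wrong_order": verify(record, MEMORIZED_PART + STORED_PART),
    }


if __name__ == "__main__":
    for attempt, accepted in manager_leak_outcome().items():
        print(f"{attempt:20s} -> {'accepted' if accepted else 'rejected'}")
```

The memorized part covers only the case where the stored part leaks; anything that captures the full typed password, such as a phishing page or a keylogger, obtains both parts at once.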



We may call it quasi or static two-factor authentication

  • Since part of the resulting composite password is entered from the brain memory, I will call this technique a quasi or static two-factor authentication (quasi-2FA or static-2FA).
  • We can call the technique quasi or static 2FA because it doesn't involve using any dynamic PIN sent through SMS or email.

The strength of the composite password security is significantly high because there is no technology available in the world to hack or steal human brain memory.



Bringing it all together

  • I share a simple technique to safeguard the traditional text password system.
  • Computer server administrators can adopt this technique to safeguard their administrator accounts of servers and other computer infrastructure.
  • Since the technique is pretty simple, there is probably no patent. Therefore, anybody can use this technology solution to improve their cybersecurity.
  • The proposed technique does NOT involve using SMS or email to get the second factor PIN. Instead, it adds a text "salt" (2nd part) available from the brain memory as a second factor to the complex password (1st part) for authentication.
  • The security strength, or entropy of the composite password (complex password + salt text), is significantly high because no technology is available so far to hack or steal human brain memory.
  • The proposed security solution doesn't need proprietary software, device, or additional resources. It can operate using the existing authentication infrastructure of the online platforms.
  • Hence, the users can adopt it without paying any license fees from their pockets.
  • Moreover, the service providers need not make any alterations to their systems.


------------

About me

I am a researcher and contribute to the overlapping areas of STEAM (Science, Technology, Engineering, Arts, and Mathematics). I develop cybersecurity and information security solutions, specifically graphical authentication security.


Text Copyright © 2022 Debesh Choudhury — All Rights Reserved.

Cheers!

Cover: I created a GIF using texts and a Photo by Miguel Á. Padriñán on Pexels.

All other images are either drawn/created by myself or credited to the respective artists/sources.

Disclaimer: All texts are mine and original. Any similarity and resemblance to any other content are purely accidental. The article is not advice for life, career, or business. Do your research before adopting any options.

Join me at Odysee, Twitter, noise.cash, read.cash, and Facebook

Kolkata, Tuesday, July 19, 2022.

#passwords #cybersecurity #technology #learningtimes #debeshchoudhury

Nigel Cliffe

Transform Your LinkedIn Success: AI Pragmatist. Elevate Your Brand, Unlock Opportunity, Build Authority and Drive Growth. LinkedIn Trainer, Speaker, Mentor and Consultant for 12 years. Chair of CFFC

2 years

I hadn't appreciated that I already use "salt" in my password management solution, Debesh, so thank you for that - I now know what to call it! Great advice to share and important to every single person who has ever had to create a password - which is pretty much all of us!

Hitoshi Kokumai

Advocate of Identity Assurance by Citizens' Volition and Memory. Founder and Chief Architect at Mnemonic Identity Solutions Limited

2 years

Nice to see this post. I have been practicing this method for many years.

Riyaaz Patel

I am Concrete Magician Large Concrete Expert LEAN Business Culture

2 years

Genius advice!!! I read the article 2 times to properly understand your static 2FA technique. Indeed Debesh Choudhury, PhD has discussed a wonderful and extremely easy solution which amalgamates the goodness of both Complex + Salt parts.
