Power of Citizens’ Episodic Memory

Collected here are our digital identity posts since 24/February/2022 on the power and merit of citizens’ episodic memory, which is the least volatile of human memories, as the best source of secret credential for solid identity assurance.

Making use of episodic memory for identity authentication is not a hypothesis but has long been deployed by one of the most demanding users - soldiers in the field.


Three Major Developments of 2023 - Expanded Password System (29Dec2023)

Where We Can Contribute (28Dec2023)

PIN is Easy to Manage - Really? (21Dec2023)

Skills Required to Sell Biometrics? (18Dec2023)

Robust Text Passwords - Practicable or Pie in the Sky? (14Dec2023)

Release of Beta Mnemonic Gateways (13Dec2023)

Announcement on Release of Beta Mnemonic Gateways (11Dec2023)

Due Attention Paid to Identity Security? (9Dec2023)

Multiple Cyberattacks on Water Supply Infrastructure (6Dec2023)

Because Truly Valid Alternative is Still Hardly Known (26Nov2023)

Encrypted Data is Uncompromised when Operator’s Account is Compromised? (22Nov2023)

Completely Indifferent to Safety and Fate of Intelligence Data to be Defended? (18Nov2023)

Popular but Unreliable Conventional Password Managers (12Nov2023)

An Extra Few Minutes for Each Login - Still Too Bothersome? (4Nov2023)

Answer to Why Identities Come First in a Zero Trust World (29Oct2023)

What ‘Image-to-Code Converter’ Offers to Global Population (27Oct2023)

On CISCO Zero-Day Vulnerabilities (22Oct2023)

Identity Assurance for Information Assurance (22Oct2023)

Solid Identity Security for End-to-End Encryption (20Oct2023)

Long-Sighted State-Sponsored Cyberattackers (17Oct2023)

Want to Dive into Suicidal Disaster? (15Oct2023)

‘Admin123’ as Top Security Threat - Wonder or No Wonder? (11Oct2023)

Value of Identity Assurance - Trivial or Significant? (21Sep2023)

Whether Incident or Accident - We Need to Prevent (21Sep2023)

Encryption and Identity Security (20Sep2023)

Unfounded Criticism of Expanded Password System (19Sep2023)

Traditional Solutions and Little-Known New Solution (17Sep2023)

2023 - ‘Reset’ year for Quantum Computing (14Sep2023)

‘Mnemonic’ identity solutions and Shoulder Surfing (14Sep2023)

Shoulder Surfing - Possibility and Probability (10Sep2023)

Non-Existent Crypto Keys to be Regenerated from Image Memory when Needed (8Sep2023)

Don’t Mix Up Identification with Authentication? (31Aug2023)

Image Memory versus Text Memory (27Aug2023)

How to Safely Manage Many Complex Password (20Aug2023)

Quantum Resistant Cryptography for Expanded Password System (18Aug2023)

CyberPeace Institute (17Aug2023)

Power of ‘Image-to-Password’ Converter (2Aug2023)

Teaming Up with Top Brand Quantum Resistant Cryptography (19July2023)

Digital Exclusion - Made Intractable by Unmanageable Passwords (9July2023)

Shameless, Outrageous Japanese Government (6July2023)

Japan’s Flaky ID Card Scheme - What Lies at its Root? (4July2023)

Why Still Sticking to Unmanageable Text-Only Passwords? (4July2023)

Accounts Broken or Bypassed? (24June2023)

Am I What My Body Features Look Like? (20June2023)

Cryptography We Rely Upon (19June2023)

FTC’s Sadly Irrelevant Password Recommendations (12June2023)

How to Not Create Single Point of Failure in Password Manager (9June2023)

By Compromising Accounts or Skipping Accounts? (8June2023)

What about Login by Selection of Projected Images? (7June2023)

Appropriate Naming for Intelligence-Mimicking Algorithm (7June2023)

Image-based Login Misunderstood by Developers Themselves (5June2023)

‘Stupid Password’, ‘No Password’ or ‘Practicable and yet Secure Password’? (31May2023)

Most Important Area of Cybersecurity - It’s Where We are Working (30May2023)

Cost Benefit of Using Images for Login (29May2023)

Defense of/with Our Identity against AI-Armed Criminals (24May2023)

Not Relying on Password Vault is Even Better (23May2023)

What to Do for Login to Mobilephone? (20May2023)

Complex Problem of Complex Password (17May2023)

Very Clever or Just Narrow-Sighted? (13May2023)

Allowing ‘Mimicked Intelligence’ to Displace Human Intelligence? (3May2023)

Entropy of Image-based Password (27Apr2023)

Identity and Artificial Intelligence (27Apr2023 - Publication at aiTech Trend)

Hypothesis? - Yes, it was Hypothesis Two Decades Ago (25Apr2023)

Prepare against not just Naive Guys but Shrewd Guys (17Apr2023)

Excellent News for Bright People - Sadly Not for Me (13Apr2023)

Message to DIACC (7Apr2023)

Solid Digital Identity for Defense of Data Privacy (4Apr2023)

Mnemonic Gateways as Leading Digital Identity App (30Mar2023)

When, why and how Expanded Password System was developed? (28Mar2023)

Prepare against Vicious AI (22Mar2023)

Citizens’ Image Memory for Phishing Deterrence (13Mar2023)

Secure Hack (11Mar2023)

No Trust on Password, No Trust on Zero Trust (10Mar2023)

Threat of Screen-Read Spyware versus Image-based Authentication (10Mar2023)

No Report Means No Damage? (5Mar2023)

Presentation for Banking Association of Central and East Europe (27Feb2023)

AI Program with No Identity (24Feb2023)

Artificial Intelligence, Privacy and Digital Identity (18Feb2023)

Healthy Second Life for Legacy Password Systems (14Feb2023)

Modest AI Wanted (10Feb2023)

Password Manager with No Password Vault (6Feb2023)

Digital Identity Racing with Artificial Intelligence? (1Feb2023)

Identity Security for Privacy (29Jan2023)

Non-Existent Crypto Keys Regenerated from Citizens’ Non-Volatile Memory (28Jan2023)

Quantum Apocalypse (19Jan2023 - Defence to be made of citizens' non-volatile unique memory)

New Team Member (18Jan2023 Isaac Berawang)

From ‘Password Fatigue’ to ‘Fatigue-free Password’ (14Jan2023)

Digital Identity Platform of Our Choice - Exciting Future (12Jan2023)

20-Year Take-Off (8Jan2023 - History and Prospect of Expanded Password System)

What about Getting Rid of Password Vault ? (7Jan2023 - On the failure of LastPass)

For ENISA (6Jan2023 - We are offering help to ENISA, not vice versa)

Brain Implants - What if Accessed by Bloodsuckers and Psychopaths? (26Dec2022)

What about AI Deployed by No-Ethics Guys? (18Dec2022)

Confidence of Dominance (16Dec2022 - Dominance over 'passwordless' forces)

SECURITY PILL - Video Interview with The Cyber Express (13Dec2022)

Some More Topics on Digital Identity #7 (27Nov2022 - Hybrid Text Password)

Some More Topics on Digital Identity #6 (23Nov2022 - Secure Brain-Machine-Interface)

Some More Topics on Digital Identity #5 (19Nov2022)

Very Good for Login with Selection of Pictures (18Nov2022 - Google VR glasses)

Some More Topics on Digital Identity #4 (14Nov2022 - Login under Duress)

How to Not Reuse Passwords (12Nov2022)

Some More Topics on Digital Identity #3 (10Nov2022 - Impact of AI and Quantum-Computing?)

Some More Topics on Digital Identity #2 (8Nov2022 - Cryptography for Digital Identity)

Some More Topics on Digital Identity #1 (5Nov2022 - Dementia and Authentication)

We live in 'Analog/Digital-Fused' Age (7Nov2022)

Cybersecurity Awareness October is Over – Power of Password Will Stay? (2Nov2022)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #19 (Leak-proof Password Manager)

Wish to Cut Down Password-Reset Cost? - Look to Citizens’ Long-Term Memory? (29Oct2022)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #18 (27Oct2022 - Global HQ set up in United Kingdom)

Bright Prospect in Africa, from Nigeria, United Kingdom and Japan (26Oct2022)

Credentials - The #1 Organizational Security Weakness (25Oct2022)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #17 (24Oct2022 - Non-flammable Ant versus Inflammable Elephant)

Simpler Phishing-Resistant Digital Life (22Oct2022 - Feed a fake password and watch what will happen)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #16 (20Oct2022 - What can be competitions to Expanded Password System)

Solidly-Configured 2FA is Stronger than Poorly-Configured 3FA (15Oct2022 - MFA Hype)

Not just Strong but also Practicable? (14Oct2022 - Password should be)

Where the likes of CAPTCHA will no longer be wanted? (11Oct2022 - No need to tell humans from non-humans)

Ditch Old Idea - Password Spray Attack is Easily Preventable (11Oct2022 - Key is High Entropy)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #15 (10Oct2022 - Positioning of Expanded Password System)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #14 (10Oct2022 - Unlimited Use Cases)

Orchestration Presupposes Knowledge of Instruments (8Oct2022)

Democracy is Premise for Meaningful Identity Assurance? (8Oct2022)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #13 (7Oct2022 - Long-term use by Japan's Military)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #12 (6Oct2022 - What to gain)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #11 (3Oct2022 - What about entropy?)

Identity Assurance for Democracy and Privacy? (3Oct2022)

Someone Else’s Predicament ? (30Sep2022)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #10 (1Oct2022 - Malleable episodic memory is helpful)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #9 (28Sep2022 - Relation between Accounts and Corresponding Passwords)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #8 (27Sep2022 - Broad choice: text, symbols and unforgettable images)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #7 (24Sep2022 - What is Expanded Password System)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #6 (21Sep2022 - Episodic memory)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #5 (19Sep2022 - What is new?)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #4 (18Sep2022 - Volition and memory)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #3 (17Sep2022 - Basics of Authenticators)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #2 (16Sep2022 - Problem to solve)

Semi-Permanent Perspective for Expanded Password System (13Sep2022)

Identity Assurance by Citizens’ Non-Volatile Autobiographic Memory #1 (12Sep2022 - Introduction)

Basics of Digital Identity Revisited (9Sep2022)

What Separates Who Needs from Who Provides (8Sep2022)

Identity Assurance should be Revalued (6Sep2022)

Role of Secret Credential is Missing in This Report (2Sep2022)

FIDO and Biometrics (31Aug2022)

Then, Pay More Attention to Identity Security (30Aug2022)

Leak-Prone or Leak-Proof ? (27Aug2022)

FIDO and Expanded Password System? (26Aug2022)

Give Correct Tools to People? (25Aug2022)

New Development at ENISA (18Aug2022)

Login under Duress (12Aug2022)

Mathematical Strength of Login Credential (11Aug2022)

Dementia and Authentication (10Aug2022)

Defense Use of Expanded Password System (3Aug2022)

Theft-Resistant Credential (31July2022)

Keep Defense Line Protected against Threats from Within (16July2022)

Hate to Spend Another Few Minutes for Safer Login ? (16July2022)

New Member of Board of Directors Announced at MIS (15July2022)

Any News on Quantum-Resistant Hash Algorithms? (9July2022)

Quick-Fix Solution when EPS is Not Available (9July2022)

Graphene Ant Going to Fell Paper Elephant - Exciting Scenery of Digital Identity (6July2022)

What Digital Identity Professionals are Expected to be Familiar with (4July2022)

Warm Login Interface for Cold Digital Computing (28June2022)

- How Can We Easily Manage the Hard-to-Manage Password (7June2022)

- What is Most Crucial to ‘Zero Trust’ Schemes? (5June)

- Protection by Cryptography Can’t be Above Protection by Login Credential (3June)

- Rely upon Citizens’ Autobiographic Memory (13May)

- What Else Can We Do about This Trilemma? (11May)

Coffee Break - Parody Cartoon 1

- Digital Identity Wallet to Help or Harm Citizens (1May)

- High-entropy Codes Generated from Simple Alphanumerics (28Apr)

- Threat to Digital Wallet (23Apr)

- Solid Account Protection in Cyberwar Era (11Apr)

- Power of Humans’ Episodic Memory for Defence of Democracy (8Apr)

Tea Break - Parody Cartoon 2

- What We CAN DO and What We MUST NOT DO against Credential Thieves (4Apr)

- Password is So Easy-to-Steal. Therefore ... (30Mar)

- Space, Satellites and Cybersecurity (26Mar)

- Seemingly-Stronger Authentication as against Stronger Authentication (23Mar)

- For Speedier Reinforcement in Cyber Defence against Tyrants (20Mar)

- Clever Solutions to Silly Passwords? (19Mar)

Coffee Break Parody Cartoon 3

- "Anxiety-Easing Effect of Your Episodic Memory" as Cybersecurity Discussion (17Mar)

- Solution Resides in Citizen’s Brain Unnoticed (14Mar)

- Cyber Risks for National Defence (8Mar)

- Make Safer Use of Conventional Password Systems (5Mar)

How Can We Easily Manage the Hard-to-Manage Password

Passwords are often blamed for bringing the worst headache to our digital life; how come they are so hard to manage?

Most of us are unable to remember and recall more than several passwords.

Those of us who can somehow manage to remember several of them find that they are unable to remember the relations between the passwords and the corresponding accounts.

[Image: table]

* I owe the table above to a friend https://www.dhirubhai.net/feed/update/urn:li:activity:6937000000727990273/

On the other hand, writing/storing multiple passwords and the corresponding accounts and carrying around the memos/storages outdoors brings the risk of physical theft, which exposes the single point of failure.

It seems there is no way out of this trilemma. (*1)

Password managers are known to enable us to create and manage 18-character passwords that stand 1qt years (see the table below). Conventional password managers, however, have a couple of big problems - the users have to struggle to manage their hard-to-break=hard-to-recall strong master-passwords while they cannot escape the single point of failure (*2).

*1 What was hard to manage was a conventional text-only password. It was just that there was no way out because we only stuck to alphanumeric texts as the material of passwords. Why not look to the potential of 'Non-text' secret credential?

“Solution Resides in Citizen’s Brain Unnoticed” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6908966261007503360-_Cd_

[Images]

*2 Now there is a new breed of 'leak-proof' password manager powered by citizens' episodic memory that has been solidly inscribed deep in our brain. It enables us to achieve far better availability and usability as well as higher security.

“Fend off cyberattacks on democracy” https://www.dhirubhai.net/pulse/fend-off-cyberattacks-democracy-hitoshi-kokumai/

Well, by any chance, aren’t you considering that all those problems would go away at once if we ditch the hated password altogether?

“Ditching Password for Ditching Security and Democracy ?” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6939413376049512448-bpJC

* Recent digital identity comments are mostly collected for quick reference at https://www.dhirubhai.net/pulse/collection-digital-identity-comments-hitoshi-kokumai-posted-kokumai/

What is Most Crucial to ‘Zero Trust’ Schemes?

Driven by this C4IS report - “To maximize cybersecurity dollars, lean on Zero Trust” https://www.c4isrnet.com/opinion/2022/06/02/to-maximize-cybersecurity-dollars-lean-on-zero-trust/

The answer is ‘Solid Identity Assurance’ for the people who are responsible for operation and management of the zero trust schemes.

‘Zero Trust’ would immediately turn into ‘Zero Security’ when the identities of these people are compromised. Then, what is most crucial to the solid identity assurance?

The solution is ‘Solid Secret Credential’, i.e., ‘Solid Password’, with a caveat that ‘solid password’ is extremely hard to achieve where we stick to ‘text-only’ passwords.

Fortunately, we know that we can find a valid solution from ‘Non-Text’ memories. The identity assurance powered by non-text secret credentials is not a hypothesis but has actually been practiced by soldiers for encrypted communications in the stressful outdoor environment since 2013.

Ref: “Rely upon Citizens’ Autobiographic Memory” https://www.dhirubhai.net/posts/hitoshikokumai_43-billion-stolen-through-business-email-activity-6930727049183576064-qBI9

and also “Two Ways of Damaging Cyberdefence from Within” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6919830534051307520-iQte

Protection by Cryptography Can’t be Above Protection by Login Credential

“Ukraine war shows danger of unencrypted communications, says US Army secretary” https://www.c4isrnet.com/battlefield-tech/c2-comms/2022/06/01/ukraine-war-shows-danger-of-unencrypted-communications-us-armys-wormuth/

Shall we consider a very typical case that a message is encrypted by a cryptographic module that can stand the fiercest brute-force attacks for trillions of years, while the digital identity of the recipient who is to decrypt the encrypted message is protected by a password/pincode that a PC can break in a matter of hours or even minutes?

As such, protection by cryptography can’t be above protection by login credential, which is a password in most cases. The lower of the two decides the overall protection level.

This observation urges us to make the secret credentials the most solid and reliable. Here we propose that we can make use of citizens’ episodic memory that is firmly inscribed deep in their brains for their secret credentials, as discussed in “Solution Resides in Citizen’s Brain Unnoticed” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6908966261007503360-_Cd_

Well, we know that there are quite a few people who are pushing us to ditch passwords. Our analysis of this misperception is presented here – “Moral Responsibility for Having Awoken” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6936846391776292864-C2Lg

Would it be very wise to weaken the defence from within when we face formidable adversaries who are making every effort to destroy our defence line?

Rely upon Citizens’ Autobiographic Memory

Driven by this Tripwire report - “$43 billion stolen through Business Email Compromise since 2016, reports FBI” https://www.tripwire.com/state-of-security/security-data-protection/43-billion-stolen-through-business-email-compromise-since-2016-reports-fbi/

This report indicates that a big chunk of the attacks involve the compromise of login credentials.

Identity Assurance by citizens’ autobiographic/episodic memory helps a lot to thwart the attacks that break the user authentication, as discussed here - “Solution Resides in Citizen’s Brain Unnoticed” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6908966261007503360-_Cd_

Needless to say, two-channel/factor authentication certainly helps as recommended in the report. We have our own two-channel solution that enables us to register images of our episodic memory to be displayed on a second device.

Here, we would like to emphasise how important it is to be mindful of the difference between ‘weak password and token’ and ‘strong password and token’; when the token is lost, stolen or compromised, a hard-to-break password would be the last resort.

It is always crucial to have a good password for an important account, irrespective of whether it is a single factor of password or a two-factor scheme of password and token.

Well, thinking of 2-factor schemes of biometrics and password? Then, have a quick glance at “Two Ways of Damaging Cyberdefence from Within” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6919830534051307520-iQte

What Else Can We Do about This Trilemma?

Driven by this technology report - “Millions of Australians exposed to cybercriminals for using the same password Despite most being familiar with the dangerous threat posed by cybercriminals, a startling volume of Australians are using the exact same password.” https://www.news.com.au/technology/online/hacking/millions-of-australians-exposed-to-cybercriminals-for-using-the-same-password/news-story/6549ec5fe6d3864d41dc223174a0e57f

Most of us humans are unable to remember more than several passwords.

Those of us who can somehow manage to remember them find that they are unable to remember the relations between the passwords and the corresponding accounts.

On the other hand, writing/storing all the passwords and the corresponding accounts that we cannot remember and carrying around the memos/storages containing those passwords and accounts in an outdoor environment brings the risk of physical theft.

It looks like there is no way out of this trilemma. Yes, there is no way out SO LONG AS we stick to alphanumeric texts as the material of passwords.

Why not look to the potential of 'Non-text' secret credential?

“Solution Resides in Citizen’s Brain Unnoticed” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6908966261007503360-_Cd_

Well, considering 'password-less' schemes by any chance? Wait a moment and refer to “Don’t be So Irrational and Illogical” https://www.dhirubhai.net/posts/hitoshikokumai_microsoft-apple-google-step-up-push-to-activity-6928526197622521856-5x63

Coffee Break - Parody Cartoon 1 (published in 2005)

Digital Identity Wallet to Help or Harm Citizens

In reply to the request for comments on PCTF Digital Wallet Draft Recommendation from Digital ID & Authentication Council of Canada (DIACC) over “Provide Citizens and Consumers with a Digital Identity Wallet” and related issues, I submitted the following comment.

..........................

(1) I am extremely worried to see ‘passwordless authentication’ loudly touted by quite a few security professionals and supported by a number of big tech firms in view of the grave threats it brings to both democracy and security.

I cannot understand how it is possible for all those people to be so indifferent to the inevitable consequences of the authentication schemes that do not involve our volition in the authentication process.

What we would see is a society in which citizens’ identity is easily established while they are unconscious or unable to move. Can it be a democratic society?

‘Passwordless’ schemes not only erode the values of democracy but also destroy the identity security as examined in these brief comments -

"Then, Firstly, Defend Digital Identity Platform against Threats from Within" https://www.dhirubhai.net/posts/hitoshikokumai_ukraine-conflict-heightens-us-militarys-activity-6922006682449457152-rEdl

"Two Ways of Damaging Cyberdefence from Within" https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6919830534051307520-iQte

"Remove the army and we will have a stronger national defense" https://www.dhirubhai.net/posts/hitoshikokumai_going-passwordless-what-are-the-benefits-activity-6815852512889978880-R3RR

This is what we MUST NOT consider.

(2) As examined above, we will probably have to keep relying on the password (= secret credential) for many more generations, whereas it is obvious that humans are unable to manage passwords reliably so long as we stick to texts. We need to provide citizens with some solution to fill this gap.

I have been suggesting for two decades that we could look to ‘Non-text’ secret credentials, especially the unforgettable images of our pleasantly emotion-coloured episodic memory that had been firmly inscribed deep in our brain.

Here are my latest writings on this subject -

“Threat to Digital Wallet” (23/Apr) https://www.dhirubhai.net/posts/hitoshikokumai_apple-icloud-account-attack-results-in-man-activity-6923482580461793280-eI1Q

“Digital Identity for Digital Currency” (18/Apr) https://www.dhirubhai.net/posts/hitoshikokumai_central-bank-digital-identity-activity-6921694537610383361-0Ok5

and this is a comprehensive article published three weeks ago - “Fend off cyberattacks on democracy” https://www.dhirubhai.net/pulse/fend-off-cyberattacks-democracy-hitoshi-kokumai/

This is what we could consider.

..........................

I hope that we will be heard.

High-entropy Codes Generated from Simple Alphanumerics

Expanded Password System that encourages us to register the unforgettable images of our pleasant old memory as our secret credential for solid identity assurance also enables us to generate a high-entropy code from an easy-to-recall short text.

A certain combination or permutation of the registered images and characters makes the credential.

Visual-manual brute force attacks on the display, as against automated brute force attacks, can be coped with easily.

As such, Expanded Password System lets us handle images as well as texts, not images instead of texts.

< Reference >

“Power of Humans’ Episodic Memory for Defence of Democracy” https://www.dhirubhai.net/posts/hitoshikokumai_ukrainian-soldiers-facebook-accounts-targeted-activity-6918044162130923520-MkKb

“Solution Resides in Citizen’s Brain Unnoticed” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6908966261007503360-_Cd_

‘Manual Attack’ as against ‘Automated Attack’ https://www.dhirubhai.net/posts/hitoshikokumai_identity-authentication-password-activity-6810448703682420736-hwRv/

“Two Ways of Damaging Cyberdefence from Within” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6919830534051307520-iQte

Threat to Digital Wallet

Driven by this Bitdefender report - “Apple iCloud account attack results in man losing $650,000 from his cryptocurrency wallet” https://www.bitdefender.com/blog/hotforsecurity/apple-icloud-account-attack-results-in-man-losing-650-000-from-his-cryptocurrency-wallet-2/

What if the private key of PKI to protect digital assets does not need to be physically stored anywhere in the world, but can be quickly recovered at any time from (only from) the unforgettable images of citizens’ episodic memory firmly inscribed deep in their brains?

Though not a silver bullet, it could largely mitigate this kind of problem as discussed here - “Digital Wallet – What to Protect against What?” https://www.dhirubhai.net/posts/hitoshikokumai_identity-authentication-password-activity-6761903808357523456-_un7

and “Follow-Up: Loss of Digital Wallet” https://www.dhirubhai.net/posts/hitoshikokumai_lost-passwords-lock-millionaires-out-of-their-activity-6760083674382905344-F1lW

This solution will be offered as a software package for users’ devices when we have teamed up with resource-rich technology partners; we already have the image-to-code converter module to be incorporated in Mnemonic Gateways leak-proof password manager.

Solid Account Protection in Cyberwar Era

Driven by this Microsoft publication - “Disrupting cyberattacks targeting Ukraine” https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/

The window or attack surface opened for adversaries would not be as wide as it is now if identity assurance platforms were not badly damaged from within by such misguided practices as ‘passwordless’ and ‘biometrics’ authentication schemes.

The window will be far narrower where citizens are encouraged to make use of their episodic memory firmly inscribed deep in their brains in addition to conventional textual memory. This helps the defence a lot against the attacks from without.

Ref: “Hardly-Known Cost on Democracy of NOT Having Solid Identity Assurance Platform” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6917991678888865792-VYrG

Power of Humans’ Episodic Memory for Defence of Democracy

Driven by this CNN news - “Ukrainian soldiers' Facebook accounts targeted by hackers, Meta says” https://edition.cnn.com/2022/04/07/tech/facebook-russia-targeting-ukraine/index.html

Password managers help against many cases of password theft. They help even better where the master credential of the password manager is made from our solid episodic image memory, not volatile textual memory.

With citizens’ limitless and firmly-inscribed episodic memory, we will largely mitigate the weak point of the conventional password manager, that it tends to create a single point of failure, say, putting all our eggs in a single basket.

We need to look at another weak point of the password manager, that is, it gives no protection to the login into the citizens’ devices on which the password manager software is installed. Citizens’ episodic image memory helps a lot in this aspect as well from a holistic point of view.

Ref: “Fend off cyberattacks on democracy” https://www.dhirubhai.net/pulse/fend-off-cyberattacks-democracy-hitoshi-kokumai/

Incidentally, some people seem to believe that removing the password altogether will solve the problem, presumably failing to look at the fact that an attack surface of the password is included within a defence surface of the password and, therefore, removal of the password inevitably removes the defence surface of the password that has provided a precious defence effect, resulting in the identity security destroyed from within.

Tea Break - Parody Cartoon 2 (published in 2005)

What We CAN DO and What We MUST NOT DO against Credential Thieves

Driven by this report - "Google: Russian credential thieves target NATO, Eastern European military" www.theregister.com/2022/04/01/russian_credential_phishing/?utm_source=daily&utm_medium=newsletter&utm_content=article

People whose accounts are especially important might hopefully be interested in our proposition of repelling phishers with the power of their episodic image memory - “How to Cope with Wily Phishers” https://www.dhirubhai.net/posts/hitoshikokumai_this-browser-in-the-browser-attack-is-perfect-activity-6912265141011038208-Ua6P

It would be very nice if you could share this information with your connections in defence and other critical sectors who must make every effort to protect their credentials.

By the way, conventional passwords are indeed frighteningly vulnerable to theft. It would be no big surprise, therefore, to see some people tempted to remove the password altogether, since what does not exist obviously can never be stolen.

You MUST NOT consider removing the password from identity assurance platforms, however.

It would only destroy identity security, for a very simple and plain reason which seems to have fallen into a blind spot of those people, that it is impossible to remove an attack surface of a password without removing a defence surface of the password which somehow provides a positive security effect.

An attack surface exists inside a defence surface, not vice versa, as visually examined in this comment - “Attack Surface and Defence Surface Visually Explained” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6906433198109155328-hXJO

and “Remove the army and we will have a stronger national defense” https://www.dhirubhai.net/posts/hitoshikokumai_going-passwordless-what-are-the-benefits-activity-6815852512889978880-R3RR

Password is So Easy-to-Steal. Therefore ...

Driven by this LinkedIn article on “Android password-stealing malware infects 100,000 Google Play users” https://www.dhirubhai.net/posts/alexandre-blanc-cyber-security-88569022_android-password-stealing-malware-infects-activity-6911776983458713600-JqF8

Starting from the observation that the password is so easy to steal, some people jump to the idea that what does not exist cannot be stolen.

Removal of the password does remove an attack surface of the password. Alas, however, it is impossible to remove the attack surface without removing a defence surface of the password that contains the attack surface in it. (*1)

We think otherwise. We look to making use of NON-TEXT secret credentials. (*2)

< Reference >

*1 “Clever Solutions to Silly Passwords? - Do What You CAN NOT Do or What You MUST NOT Do” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6910783916157136896-YJ8x

*2 “Solution Resides in Citizen’s Brain Unnoticed” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6908966261007503360-_Cd_

Space, Satellites and Cybersecurity

Driven by this LinkedIn post - “The Urgency To Cyber-Secure Space Assets” https://www.dhirubhai.net/pulse/space-satellites-cybersecurity-chuck-brooks

Whether on the earth or far away from the earth, a reliable authentication of users’ identity is the basic foundation of cybersecurity. And, nowadays, we need to look at the threat of humans being placed under AI’s control.

In this aspect you might be interested to have a glance at “Volitional Digital Identity as Antidote against Side Effects of AI and Quantum Computing” https://www.dhirubhai.net/posts/hitoshikokumai_quantum-computing-and-password-authentication-activity-6871641956540403712-0ZUI

Seemingly-Stronger Authentication as against Stronger Authentication

Driven by this report - “Reg reader rages over Virgin Media's email password policy” https://www.theregister.com/2022/03/10/virgin_media_email_password_security/

“No more than 10 alphanumerics, no special characters – in 2022?”, this report reads.

10 alphanumerics is no more than a silly joke from the viewpoint of mathematical strength against automated brute-force attacks. But we could be somewhat empathetic to those people, who might possibly have tried to be very kind to users; from the viewpoint of humans’ memory capacity, more than 10 alphanumerics with special characters are too much for many of us to manage without relying on a memo or storage.

Starting from such a dilemma, we look to the potential of NON-TEXT secret credential for stronger authentication, whereas some people attempt to remove the secret credentials altogether.

They offer a seemingly-stronger authentication - ‘Seemingly-Stronger’ because it can by no means be any stronger when the defence surface is removed along with the attack surface.

They might have been misguided this way - a smaller attack surface means a better defence so removal of the attack surface altogether should mean a yet better defence.

They tragically overlook a critical fact, that is, it is impossible to remove the attack surface of the password without removing its defence surface. They may have looked away from the fact that an attack surface is included in a defence surface as a section of it, not vice versa.

Those seemingly-strong authentication schemes, which bring a false sense of security, sadly make the attack on the defence from within.

For the false sense of security caused by ‘Seemingly-Stronger’ authentication schemes, you could refer to “False Sense of Security that is Worse than Lack of Security” https://www.dhirubhai.net/posts/hitoshikokumai_biometric-identity-fraud-on-the-rise-activity-6900649696822476800-qQQh

and “Clever Solutions to Silly Passwords? - Do What You CAN NOT Do or What You MUST NOT Do” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6910783916157136896-YJ8x

For NON-TEXT secret credential, please have a glance at “Solution Resides in Citizen’s Brain Unnoticed” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6908966261007503360-_Cd_

For Speedier Reinforcement in Cyber Defence against Tyrants

People have no other choice but to continue to rely on conventional text passwords, remaining vulnerable to bad actors for many more years, where there is no really valid solution to the unreliable identity assurance platform.

And, people who are misguided towards 'passwordless' and 'biometrics' schemes would be even more vulnerable due to a false sense of security they are trapped in - you wrongly feel safer when you are actually less safe - as we have repeatedly examined.

In view of the ongoing and rapidly growing threats from Putin’s instruments (*) and other well-organised adversaries, we wish to be part of the global efforts to fend off the attacks on democracy ASAP by contributing to build a solid identity assurance platform.

*Biden: Russia 'exploring' US cyber-attacks https://www.bbc.com/news/technology-60829852

With the experience of military-grade implementations of Expanded Password System, we now have a proof-of-concept of the ‘Mnemonic Gateways’ leak-proof password manager that gives a healthy second life to ubiquitous text password systems as outlined in “Make Safer Use of Conventional Password Systems with Citizens’ Episodic Memory” https://www.dhirubhai.net/posts/hitoshikokumai_mnemonic-gateways-90s-video-activity-6905704640881545216-7z0s

Should we progress the project on our own, it would probably take a year or more to complete the Mnemonic Gateways and make it ready for global distribution, although we strongly wish to be of help to the global efforts to cope with the cyberthreats from the formidable adversaries as speedily as possible.

We would no doubt be able to expedite it significantly if we are joined by resource-rich technology partners. Please give me a shout if you are interested or you know of someone who might be interested.

Clever Solutions to Silly Passwords? - Do What You CAN NOT Do or What You MUST NOT Do

Here are two of the latest reports on the password predicament -

“NVIDIA staff shouldn’t have chosen passwords like these…” https://grahamcluley.com/nvidia-staff-passwords/

“Ubisoft changes employee passwords after “cyber security incident”” https://grahamcluley.com/ubisoft-changes-employee-passwords-after-cyber-security-incident/

As you probably know, two kinds of ‘solutions’ are currently being touted -

1. Continue to persistently repeat what we have been doing in vain, that is, trying to manage what humans are unable to manage, possibly expecting that humans might suddenly become able to do what humans have so far been unable to do;

Outcome? I do not think it is worth spending more than a few seconds for it.

2. Remove the password from identity assurance altogether, assuming that it is too obvious that humans are unable to reliably manage the text password and removal of the password is the removal of its attack surface, turning a blind eye to the fact that it is impossible to remove the attack surface without removing the defence surface that the password has somehow provided;

Outcome? Very grave - Destruction of security and erosion of democracy. We need to rectify this false perception ASAP.

Well, we are promoting the third approach; look to the potential of identity authentication with ‘Non-Text’ secret credentials.

Outcome? Identity assurance that is not only practicable and secure but also is pleasant and even healing.

< Reference >

“Attack Surface and Defence Surface Visually Explained” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6906433198109155328-hXJO

“Solution Resides in Citizen’s Brain Unnoticed” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6908966261007503360-_Cd_

“Quantum Computing and Password Authentication” https://aitechtrend.com/quantum-computing-and-password-authentication/

Coffee Break Parody Cartoon 3

"Anxiety-Easing Effect of Your Episodic Memory" as Cybersecurity Discussion

Driven by this report - “Try this different but effective way to deal with anxiety. The author of Good Anxiety details how to activate your brain in the background that can help you deal with nerves when they pop” https://www.fastcompany.com/90718950/try-this-different-but-effective-way-to-deal-with-anxiety

In this article there is a reference to the anxiety-easing effect of your pleasant episodic memory, which indicates that, every time you log in with the images of your comfortable episodic memory, you could be mitigating your unwelcome anxiety, unknowingly but effectively.

This anxiety-easing effect could well be a bonus, say, an extra benefit of making wise use of your episodic memory in addition to the firm defence of digital identity and values of democracy.

For more information on the enjoyable identity authentication powered by your episodic memory, please visit our website - https://www.mnemonicidentitysolutions.com/

Solution Resides in Citizen’s Brain Unnoticed

What solves the password headache has long existed in citizens’ brains as autobiographic memory, especially episodic image memory. People simply were not awake to its power.

We were recently asked what is unique with our proposition of Expanded Password System. Our answer - it is our attempt to combine Brain Science and Security Technology. It enables us to find a valid solution to the password predicament in our brain.

A valid solution resides in citizens’ brain unnoticed and we, to put it simply, came up with a tool for citizens to make use of the power so far unnoticed.

By the way, we were also asked what the world would be like without our solution, to which we answer as follows.

Without our solution, people who continue to rely on conventional text passwords would remain vulnerable to bad actors for many more years.

People who wrongly believe in 'passwordless' and 'biometrics' schemes would be even more vulnerable due to a false sense of security they are trapped in.

Not easy to agree? Visit the following pages.

"Remove Deterministic Password by Relying on Probabilistic Biometrics is Good for Better Security" https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6942313086020120576-r0Ei

"Biometrics Misclaimed vs Rational Being" https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6943763316909424640-6wVh

Cyber Risks for National Defence

Driven by this C4ISR report - “US Navy memo warns of cyber risks amid global tensions” https://www.c4isrnet.com/cyber/2022/03/02/us-navy-memo-warns-of-cyber-risks-amid-global-tensions/

“Hackers have exploited mistakes on Navy and private, at-home networks by stealing or guessing passwords and other credentials, furtively installing malware, and posing as service members or veterans to pry information out of people”

We can contribute to the defence against “stealing or guessing passwords and other credentials”

1. by debunking a widely spread false sense of security caused by the incorrect perception of ‘zero-password’ and ‘password-dependent biometrics’ authentication schemes that sadly makes the attack from within

as well as

2. by offering a new breed of leak-proof password manager, consumer version of which will be distributed to global citizens free-of-charge, which helps fend off the attacks from without

< Reference >

1. “Attack Surface and Defence Surface Visually Explained” https://www.dhirubhai.net/posts/hitoshikokumai_democracy-privacy-ethics-activity-6906433198109155328-hXJO

2. “Make Safer Use of Conventional Password Systems with Citizens’ Episodic Memory” https://www.dhirubhai.net/posts/hitoshikokumai_mnemonic-gateways-90s-video-activity-6905704640881545216-7z0s

Make Safer Use of Conventional Password Systems with Citizens’ Episodic Memory

“Mnemonic Gateways” - a new breed of leak-proof password manager powered by citizens’ episodic memory - is intended to make contributions in dual aspects -

1. Enabling global citizens to make safer use of conventional text password systems

2. Offering a healthy second life to the ubiquitous legacy text password systems

It is ‘leak-proof’; the passwords, which are generated and re-generated on-the-fly through our image-to-code conversion from citizens' hard-to-forget episodic image memory, will be deleted from the software along with intermediate data when it is shut down.

The merits of episodic image memory - numerous episodes are firmly retained deep in our brain for so many years - enable us to easily handle multiple password managing modules with multiple unique sets of images; it helps us avoid creating a single point of failure.
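One way on-the-fly regeneration with separate modules could work, as an added sketch that is not Mnemonic Gateways' own code: the image identifiers, the per-module salt, the ordered selection, and the use of PBKDF2 and HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Output alphabet for generated passwords (73 symbols, an assumption).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@"


def image_secret(image_ids, module_salt, iterations=200_000):
    """Stretch the ordered image selection into a 32-byte secret.

    image_ids   -- identifiers of the images the user picked, in order
    module_salt -- bytes unique to one password-managing module (not secret)
    """
    material = "\x1f".join(image_ids).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", material, module_salt, iterations)


def site_password(secret, site, length=20):
    """Derive a per-site password from the secret with HMAC-SHA256."""
    limit = 256 - (256 % len(ALPHABET))  # reject bytes that would bias the result
    chars, counter = [], 0
    while len(chars) < length:
        msg = f"{site}|{counter}".encode("utf-8")
        for byte in hmac.new(secret, msg, hashlib.sha256).digest():
            if byte < limit and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
        counter += 1
    return "".join(chars)


def regenerate(image_ids, module_salt, site):
    """Recompute the password on demand; nothing is written to disk."""
    return site_password(image_secret(image_ids, module_salt), site)


# Constructed sample data: two modules, each with its own salt and image set.
BANK_MODULE = (["img-017", "img-042", "img-003", "img-088"], bytes.fromhex("a1" * 16))
MAIL_MODULE = (["img-105", "img-009", "img-061", "img-030"], bytes.fromhex("b2" * 16))

if __name__ == "__main__":
    images, salt = BANK_MODULE
    first = regenerate(images, salt, "bank.example")
    again = regenerate(images, salt, "bank.example")
    print("regenerated identically:", first == again)
    print("wrong image order differs:",
          regenerate(images[::-1], salt, "bank.example") != first)
```

In this sketch the only secret is the image selection held in the user's memory, so its strength is bounded by the number of possible ordered selections; the image pool and the number of picks must be large enough to resist offline guessing by someone who obtains the salt.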

90-second demonstration video - https://lnkd.in/gA9HiPEr

The business prospectus of Mnemonic Gateways is now publicised on the top page of our corporate website - https://www.mnemonicidentitysolutions.com/

The contribution of ‘Identity Assurance by Our Own Volition and Memory’ to the global society is expected to last over many generations until humans come up with something other than ‘Digital Identity’.

Not only does it promote Social Good but it also brings Economic Benefits. You could consider joining, helping and supporting our project in some way or other in any of the following aspects -

- research, development and software production

- distribution, marketing and promotion

- finance and corporate management

- multi-language operations

- partnership and collaboration

As the backdrop of the Mnemonic Gateways project, here is a 90-second video introduction of Expanded Password System - “Fend Off Cybercrime by Episodic Memory” https://youtu.be/T1nrAlmytWE

< Earlier References >

"Summary and Brief History - Expanded Password System" https://www.dhirubhai.net/pulse/summary-brief-history-expanded-password-system-hitoshi-kokumai

"Quantum Computing and Password Authentication" (mentioned as the most ‘trending’ article at NY-based aiTech Trend) https://aitechtrend.com/quantum-computing-and-password-authentication/

For more, visit our website - https://www.mnemonicidentitysolutions.com/

Paul Swengler

CEO of iUniq and inventor of "Credential Free Identity"

2 years ago

Correct me here if I don't understand. You are not eliminating passwords, you are simply offering a "better" password system. And by definition Passwords or any form of credential matches something stored to something offered as a credential or token. You aren't replacing the password - matching credential - system at all. Is this correct Hitoshi Kokumai?
