Democracy and Digital Identity

The merits of Expanded Password System that accepts unforgettable images as well as texts are presented in view of the value of...

        
· 3 min read >

I am a new comer to this forum. I was the interviewee for Risk Roundup #222 titled ‘Expanded Password System’.

I talked about the huge merits of making use of our episodic image memory for digital identity. Specifically, Expanded Password System (EPS), which accepts unforgettable images as well as texts, is practicable for the elderly and the panicked people, which explains why it is practiced by soldiers in the field. 

And, what is practicable in the most demanding environment for the most demanding application can be easily practiced in everyday environment for everyday applications; the reverse is not true, though.

More on Expanded Password System

Here is a 3-minute video outlining what EPS is.

Should you be interested to see the overall picture of Expanded Password System, please have a look at this article – “Proposition on How to Build Sustainable Digital Identity Platform”

Hearing that EPS accepts non-text memory objects such as visual images as well as texts., some people are led to suppose that they need to consider a big investment to replace or re-build the existing text password systems.

It is not the case. All that they need to do is ensure that the password system accepts very long passwords, desirably hundreds of characters, for obtaining very high-entropy hashed values that can stand fierce brute force attacks.

 Then, they would be free to opt to

  1. recommend the security-conscious users to try a simple two factor authentication made of a remembered password (what we remember) and a memo/storage with a long password written/stored on (what we possess), which they can use right away at no cost.
  2. recommend the users who want both higher security and better convenience to consider the ‘Image-to-Text Converter cum Entropy Amplifier’ software when EPS becomes readily available to all the citizens. The ‘Image-to-Text Converter cum Entropy Amplifier’ software can be offered as a plug-in module either for the server or the user’s device.

Democracy and Digital Identity

Passwords are so hard to manage that some people are urging the removal of passwords from digital identity altogether. They loudly advocate “Higher security achieved by removal of passwords.

I wonder if they are aware of what they mean by what they say.  A society where identity authentication is allowed without users’ volition would be the society where democracy is dead.  It’s a tyrant’s utopia.

Democracy must require the individuals to have the rights not to get their identity authenticated without their knowingly confirming it. This volitional process can be achieved only with volitional identity authentication made possible by memorized secrets, i.e., passwords.

Incidentally we are also witnessing such funny phenomena as quoted below.

‘PIN’ is an abbreviation of ‘Personal Identification Number’, which is unexceptionally used as an authenticator, not an identifier.

‘Password’ is defined by the central police agency as ‘Personal Identification Code’ in a country where I was grown up.

Quite a few people utter such a word as ‘Password Identification’ here and there.

 These awkward phenomena are found not only in the general public but among the ‘professionals’ of cyber security and identity management, although the difference between ‘identification’ and ‘authentication is unmistakably clear; ‘Identification’ is to give an answer to the question of ‘Who is he/she?’, while ‘Authentication’ is to answer ‘Is he/she the person who claims to be?’  How on earth would it be possible to mix them up? 

Our hypothesis is that the field of cyber security and identity management is too heavily populated by single-mindedly technology-obsessed people.  This also makes the foundation for the wide spread myth that a higher security will be achieved by removing the password from digital identity. The value of democracy is obviously out of their sight.

We have to conclude that we wish to see the people in security and identity management to be more interested in liberal arts and common sense; digital identity is a problem of philosophy as well as technology.

Hitoshi Kokumai

PS Below are parodies that occurred to me with respect to the upended concept of ‘higher security achieved by removal of passwords.

———————–

Current foot brakes are far from sufficient in the slip distance. This means that the foot brake system is dangerous. We have now removed the dangerous foot brake system from the cars we sell. We instead offer the safer cars that are equipped with better steering wheels, better acceleration pedals and better hand brakes.

Physical keys are often stolen, copied and abused. This means that the lock/key system is dangerous. We have now removed the dangerous lock/key system from the houses that we sell. We instead protect our houses by making the door panels thicker and heavier

Passwords are often stolen, leaked and abused. This means that the password system is dangerous. We have now removed the dangerous password system from digital identity. We now protect the digital identity of our clients by offering the safer combinations of ‘physical tokens and biometrics’ instead of the dangerous combinations of ‘passwords’, ‘physical tokens’ and ‘biometrics’.

Written by Hitoshi Kokumai
Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Hitoshi Kokumai is the inventor of Expanded Password System that enables people to make use of episodic image memories for intuitive and secure identity authentication. He has kept raising the issue of wrong usage of biometrics and the false sense of security it brings for 18 years. Mnemonic Security Inc. was founded in 2001 by Hitoshi Kokumai for promoting Expanded Password System. Following the pilotscale operations in Japan, it is seeking to set up the global headquarters. Profile
New Year Message

New Year Message

Risk Group in Thought Leadership
  ·   28 sec read
SiteLock