What can we expect from an expanded password system


Using a strong password does help a lot, even against attacks that crack leaked or stolen password hashes back to the original passwords. The problem is that few of us can firmly remember many such strong passwords. It is like we cannot run as fast and as far as horses, however strongly we may be urged. We are not built like horses.

It is all too obvious that the conventional alphanumeric password alone can no longer sustain the needs of the age, and that we urgently require a successor to it, which should be found among the broader family of passwords and the like.

1. Expanded Password System: What can we expect from a password system that accepts images in addition to characters, particularly images drawn from episodic memory? The answer is the ability to volitionally manage many more passwords by our own remembrance. Assuming that you somehow remember 5 high-entropy character passwords, you will be able to keep using those 5 strong passwords and, on top of them, manage many more firmly remembered passwords in the form of episodic-memory pictorial passwords.

We can remember and recall only 5 text passwords on average, not because of silliness or laziness, but because of the cognitive phenomenon called "interference of memory". Memories of numbers and characters, which carry very limited information, are subject to severe interference, which causes terrible confusion in what we remember; memories of images and pictures, particularly those of episodic/autobiographical memory that carry a great deal of information together with emotional feeling, are not. This indicates that it would not be difficult for us to manage passwords well beyond 5 or 10 by remembrance alone.

An expanded password system that accepts images in addition to characters can be viewed as an enhanced successor to characters-only password systems in its own right, provided we make sure that confidentiality is not lost to attacks like shoulder surfing and social engineering. Such an EPS can easily be practiced by the IT-illiterate elderly at one end, by soldiers caught in panic on the battlefield at the other, and by the many businesspeople in the middle who need to cope with dozens of accounts, each requiring a unique password. Furthermore, the expanded password system (EPS) will enable truly powerful multi-factor authentication, with a strong unique password used as one of the factors for all the different accounts, whether indoors or outdoors.

The EPS would also enable decentralized ID federations, with a strong unique password used as the master password for each single-sign-on service and password management tool. With the EPS used for fallback passwords, biometric solutions could offer good convenience without sacrificing much confidentiality. The outcome will be the most highly assured identity, achieved through the most reliable “shared secrets”.

Since users can retain their textual passwords as before while expanding their password memory to include non-textual passwords, unimpeded by the cognitive effect of “interference of memory”, it is extremely difficult to imagine users who would suffer disadvantage or inconvenience by taking up the EPS. Humans are generally thousands of times better at dealing with image memories than character memories. The former has a history of hundreds of millions of years, while the latter’s history is a mere fraction of that.

However mathematically strong a high-entropy character password may appear, it is a pie in the sky if it is impracticable. Now that CPUs are fast enough, bandwidth broad enough, storage cheap enough and superb cameras are built into most mobile devices, I wonder what merit there is, for reliable identity assurance, in confining ourselves to the narrow corridor of character memories.