Friday, Apr 28, 2017
Passwords are hard to manage. ID federations rely on a master password, and so do multi-factor schemes, which use a password as one of their key factors. A password-free life would be a criminals’ Utopia. Then what else?

The writer advocates the Expanded Password System, which lets us use unforgettable images alongside conventional text passwords and is meant to be both intuitive and secure. It is also expected to make torturous logins a thing of the past and to make identity authentication comfortable and relaxing.

Here are two 30-second summary videos previewing this article:

Password-free Life – Utopia or Dystopia?

“Turn off biometrics where security matters”

Password Predicament

Security of the real/cyber-fused society hinges on trusted identity assurance, which in turn hinges on reliable shared secrets in cyberspace.  Passwords have served as those shared secrets for many decades.

The password has also been a target of resentment: it is easy to break if it is easy to recall, and hard to recall if it is hard to break. Besieged by an ever-increasing number of password-requiring accounts, not a few people are crying that the password should be killed dead.

The password could be killed altogether, however, only where a valid alternative exists.

What can displace the password?

Some people talk about the “PIN”, which is a weak form of numbers-only password. If it could displace the password, a puppy could displace the dog, and a cub the lion.

The “passphrase” is a variation of the password, with its own merits and demerits.  It may be longer and yet easier to remember, but extra length does not necessarily mean higher entropy, despite the tiresome typing: a passphrase built from dictionary words has roughly (number of words) × log2(dictionary size) bits of entropy, not bits proportional to its character count. It is generally made of known words, which are exactly what automated dictionary attacks try first.

Some people might say that multi-factor authentication, or ID federations such as password managers and single-sign-on services, could.  But it is hard to see how the password could be displaced by multi-factor schemes in which one of the factors is a password. ID federations, which create a single point of failure if too centralized, require the most reliable password of all as the master password.

What about biometrics?

Biometric solutions used in cyberspace need a password registered as a fallback (a recovery mechanism) in case of false rejection.  If “something” that has to rely on “the other thing” could displace “the other thing”, your foot should be able to displace your leg for walking.  Alice’s Wonderland might accept that, but it is very hard to imagine what it would look like in this four-dimensional space-time universe.

Blind Spot in Our Mind:  Let us imagine that we are looking at two models of smartphone: Model A with a PIN code and Model B with a PIN code and a fingerprint scanner.

Which of the two models do you think is more secure?

  • when you hear that Model A is protected by a PIN code while Model B is protected by both a PIN code and fingerprints
  • when you hear that Model A can be unlocked by a PIN code while Model B can be unlocked by either a PIN code or fingerprints
  • when you hear that Model A can be attacked only through the PIN code while Model B can be attacked through both the PIN code and fingerprints

Is your judgement the same in all three situations?

Eye-Opening Experience:  Now let us imagine two houses: (1) with one entrance and (2) with two entrances side by side.

Which house is safer against burglars?

Nobody would dare to allege that (2) is safer because it is “protected” by two entrances: a burglar simply picks whichever entrance is weaker.  Similarly, login by a PIN code alone is more secure than login by a biometric sensor backed up by a fallback PIN code, because the fallback leaves the PIN entrance open and adds a second entrance beside it.  That is, a smartphone equipped with biometric authentication and a fallback PIN is less secure than a smartphone with PIN-only authentication (Video on Backdoor 2m40s).

The above observation is backed up by the latest draft digital authentication guidelines of the National Institute of Standards and Technology (draft SP 800-63B), which require in Clause 5.2.3 “Use of Biometrics” that, because of its inherent limitations, a biometric be “used with another authentication factor”. In practice that means it depends on a password as a recovery mechanism, even though, to borrow NIST’s words, this gives a “larger attack surface” and thus lower security.
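To make the two-entrances argument concrete, here is an added example, constructed for this article and not part of the original or of any product, that models an attacker with a limited number of attempts at each entrance. The PIN length, attempt budgets before lockout and false-accept rate (FAR) are illustrative assumptions; the only structural fact is that Model B keeps the PIN entrance open as the fallback.

```python
"""Added example (constructed, not from the original article): an attacker's
success probability against PIN-only login (Model A) versus PIN-or-biometric
login (Model B). All parameter values are illustrative assumptions."""


def pin_guess_probability(pin_digits, attempts):
    """Probability that `attempts` distinct guesses hit a uniformly random
    numeric PIN of `pin_digits` digits. `attempts` is the budget a lockout
    policy allows before the device wipes or blocks."""
    space = 10 ** pin_digits
    return min(1.0, attempts / space)


def biometric_impostor_probability(far, attempts):
    """Probability that an impostor is falsely accepted at least once in
    `attempts` presentations, each accepted independently with rate `far`."""
    return 1.0 - (1.0 - far) ** attempts


def either_entrance_probability(p_pin, p_bio):
    """The attacker may try both entrances and succeeds unless BOTH fail.
    Assumes the two outcomes are independent; this is never below p_pin,
    because the PIN entrance is still there as the fallback."""
    return 1.0 - (1.0 - p_pin) * (1.0 - p_bio)


def compare(pin_digits=4, pin_attempts=10, far=1 / 50000, bio_attempts=5):
    """Attacker success probability for the two phone models in the text."""
    p_pin = pin_guess_probability(pin_digits, pin_attempts)
    p_bio = biometric_impostor_probability(far, bio_attempts)
    return {
        "model_a_pin_only": p_pin,
        "model_b_pin_or_biometric": either_entrance_probability(p_pin, p_bio),
    }


if __name__ == "__main__":
    for model, probability in compare().items():
        print(f"{model}: {probability:.6f}")
```

With the assumed parameters Model A yields 0.001 and Model B slightly more; the gap is whatever the biometric entrance contributes. Model B equals Model A only in the limit where the sensor never accepts an impostor (far = 0), so adding a biometric beside a fallback PIN can at best leave the attacker's odds unchanged and otherwise raises them. Real sensors also degrade under presentation attacks, which pushes the effective FAR above the vendor's figure.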

Remark:  Due respect should be paid to the value of biometrics as an effective identification tool for physical security such as forensics and border control.  Biometrics is a good tool for individual identification; the argument above is that it is the wrong tool for identity authentication in cyberspace.

What about a password-less life?

Some might say, “Not using any password at all is the way to kill the password dead.” Yes, the password could then be killed entirely, but it would be criminals rather than us who benefit from such a password-free cyberspace.

In a world where we live without passwords to recall, i.e., where our identity is established without our volitional participation, we could sleep safely only when alone in a firmly locked room. It would be a Utopia for criminals but a Dystopia for the rest of us.

However disliked, passwords as shared secrets are absolutely indispensable.

Intuitive passwords

In view of the situation described above, intuitive password propositions are attracting attention as alternatives to the unmanageable old passwords.

Well, how intuitive, secure and practicable could they be?

Group 1

Intuitive but insecure:  With this group of solutions, authentication is completed when the user picks out the mugshots of friends that were registered as the shared secret.

Comment:  Using friends’ mugshots IMPLICITLY is good, but using friends’ mugshots EXPLICITLY is no good: anyone who knows who your friends are can pick them out too. It would only please criminals.

Group 2

Not as intuitive as it appears:  With this group of solutions, authentication is completed when you pick out the mugshots of people that you memorised as the shared secret.

Comment:  Using faces as one kind of object is not bad, but using ONLY faces is no good.  Remembering people’s faces is generally easier than remembering other static objects, but not so much when those people are strangers to us.  Actual trials show how easily users get lost or confused.

The same applies to dozens of simple pictorial/graphic/emoji passwords proposed here and there, now and then.

Group 3

Either insecure or impracticable:  Patterns-on-grid belongs to this group; authentication is completed when the user reproduces the pattern registered on a grid.

Comment:  Easy-to-remember patterns such as L, N, V, X, Z and their variants are well known to criminals and sit at the top of any guessing list, while actual trials of hard-to-crack complicated patterns show that users get lost or confused very easily.

What else?

We are proposing the “Expanded Password System”, designed to be both intuitive and secure at the same time by making the best use of our long-term episodic/autobiographical memories and by careful design for confidentiality.  The approaches quoted above can all be deployed on the same platform as extra variations if we so wish.

We can remember and recall only a handful of text passwords, about five on average, not because we are silly or lazy, but because of the cognitive phenomenon called “interference of memory”.

Memories of numbers and letters, which carry very little information, suffer severe interference that causes terrible confusion about what we remember, whereas memories of images and pictures, particularly episodic/autobiographical memories that carry a great deal of information together with emotion, do not.

This indicates that we can easily manage well beyond 5 or 10 passwords when we make good use of episodic image memories.  They could thus be the optimal alternative to textual passwords, provided we make sure that confidentiality is not lost.

Most humans are far better at dealing with image memories than text memories. The former has a history of hundreds of millions of years, while the latter is still very new to us.  What merit is there in confining ourselves to the narrow corridor of text memories when CPUs are fast enough, bandwidth broad enough, storage cheap enough, and cameras are built into our mobile devices?

The Expanded Password System includes textual as well as non-textual passwords.  Users can keep their textual passwords as before while expanding their password memory to include non-textual passwords, without being impeded by the cognitive effect of “interference of memory”.  It is hard to imagine a user who would suffer disadvantage or inconvenience by taking up the Expanded Password System.

Being able to recall strong passwords is one thing; being able to recall which password belongs to which account is another.  When a unique matrix of images is allocated to each account with the Expanded Password System, the matrix itself tells you which images you could pick as your password (the matrix must, of course, mix the registered images with enough decoys of the same kind that an onlooker cannot tell them apart). The Expanded Password System thus frees us from the burden of managing the relation between accounts and their passwords.

What about future developments?


We have been pondering the theme of the Brain-Computer Interface for our Expanded Password System for many years. We can already rely on:

  • clicking and tapping on the images randomly positioned
  • typing the characters randomly allocated to images

We will easily be able to rely on:

  • eye-tracking the images randomly positioned
  • voice-recognizing the characters randomly allocated to images
  • voiceless-voice-recognizing the same
  • tapping secret signals on a pad on hearing the sounds that the user registered (for blind users)
  • tapping signals on feeling the tactile sensation that the user registered (for users who are both blind and deaf)

All of the above can be achieved with off-the-shelf technologies. The next task is interfaces for people who cannot rely on any of the above. Here enters the possibility of BCI/BMI.

Simply brain-monitoring the user’s eye movements has a security problem: the data, if eavesdropped by criminals, can be replayed for impersonation straight away. Therefore the data should be randomized into disposable one-time values.

Our idea is that the authentication system allocates random characters to the images. The user focuses attention on the characters shown on the registered images. The monitoring system collects the brain-generated one-time signals responding to those characters. If intercepted, criminals would be unable to impersonate the user because the captured data are one-time and disposable. This holds only if what is captured encodes the session’s characters and not the images themselves: an eavesdropper who can see which images the user attended to learns the secret regardless of the randomization. We are looking for BCI/BMI researchers who may be interested in establishing whether this idea is feasible in the real world.
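As an added example of the one-time allocation described here and under “typing the characters randomly allocated to images” above, the following Python models both sides of such a login: the server allocates a fresh random character to every image of the user’s matrix, the user answers with the characters shown on the registered images in registered order, and a captured answer is useless against the next allocation. This is constructed for this article and is not the Expanded Password System’s own code; the class and function names, the 5×5 matrix, the 36-symbol alphabet and the salted-HMAC storage of the secret are all assumptions.

```python
"""Added example (constructed, not the Expanded Password System's own code):
a challenge/response login in which a distinct random character is allocated
to every image of the user's matrix at each attempt. The typed response is
therefore one-time: a captured response does not verify against a fresh
allocation. Names, matrix size and alphabet are illustrative assumptions."""
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits   # 36 symbols, >= matrix size


class ImageMatrixAuthenticator:
    """Server side: keeps a salted digest of each user's ordered secret image
    ids and one outstanding (single-use) allocation of characters to images."""

    def __init__(self, matrix_size=25):
        if matrix_size > len(ALPHABET):
            raise ValueError("matrix too large for one distinct character per image")
        self.matrix_size = matrix_size
        self.rng = secrets.SystemRandom()
        self.users = {}        # username -> (salt, digest of secret image sequence)
        self.challenges = {}   # username -> outstanding allocation {image_id: char}

    @staticmethod
    def _digest(salt, image_ids):
        material = ",".join(str(i) for i in image_ids).encode()
        return hmac.new(salt, material, hashlib.sha256).digest()

    def enroll(self, username, secret_images):
        """secret_images: ordered ids (0..matrix_size-1) of the images the user
        picked from their own matrix; the remaining images are decoys."""
        if not all(0 <= i < self.matrix_size for i in secret_images):
            raise ValueError("image id outside the user's matrix")
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._digest(salt, secret_images))

    def challenge(self, username):
        """Allocate a distinct random character to every image in the matrix.
        Distinct characters make the response unambiguous; a new allocation is
        drawn on every call, so the expected response changes per login."""
        chars = self.rng.sample(ALPHABET, self.matrix_size)
        alloc = dict(enumerate(chars))
        self.challenges[username] = alloc
        return dict(alloc)

    def verify(self, username, response):
        """Map the typed characters back to image ids under the outstanding
        allocation and compare digests. The allocation is consumed whether or
        not the attempt succeeds, so every guess costs a fresh challenge."""
        alloc = self.challenges.pop(username, None)
        if alloc is None or username not in self.users:
            return False
        char_to_image = {c: i for i, c in alloc.items()}
        if any(c not in char_to_image for c in response):
            return False
        image_ids = [char_to_image[c] for c in response]
        salt, expected = self.users[username]
        return hmac.compare_digest(expected, self._digest(salt, image_ids))


def respond(alloc, secret_images):
    """Client side: the user reads the characters currently shown on their
    registered images, in registered order, and types them."""
    return "".join(alloc[i] for i in secret_images)


if __name__ == "__main__":
    auth = ImageMatrixAuthenticator()
    auth.enroll("alice", [3, 17, 8])          # constructed sample user
    alloc = auth.challenge("alice")
    answer = respond(alloc, [3, 17, 8])
    print("login:", auth.verify("alice", answer))
    auth.challenge("alice")                   # next login: new allocation
    print("replay:", auth.verify("alice", answer))
```

Two design points carry the security of the scheme. First, an eavesdropper who captures `answer` learns only which characters were typed under an allocation that has already been discarded, so the images themselves stay secret as long as the allocation is not also observed; the matrix positions can be shuffled per login for the same reason. Second, `verify` consumes the allocation on failure as well as success, so online guessing is paid for one challenge at a time and rate limiting can be applied on `challenge`. The eye-tracking and BCI variants above replace the keyboard with another channel for the same one-time characters and inherit both properties.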


Also on the agenda is a scheme for deploying the Expanded Password System on a blockchain or a similar platform for single-sign-on services and online password management services.  As a matter of fact this concept has been with us for 13 years: it was in 2003 that we first talked about the possibility of online authentication on a PKI-based P2P platform.

Quantum Computing

Encryption can be no stronger than the identity verification of the people who handle the encrypted data.  Nor can identity verification be stronger than the encryption that protects the verification process itself.

The arrival of quantum computing could therefore be a very serious threat not only to encryption itself but also to identity assurance.  We are keen to get in touch with people working on quantum-resistant encryption.

In Conclusion

Users of biometric products are advised that, if you are security-conscious, you should turn off biometrics wherever a password login is provided as the fallback.  Password-only authentication is more secure.  You could keep biometrics with a fallback password enabled only where you are content with “below-password-only” security in exchange for convenience.

Instead, you could look to the intuitive password solution offered by our Expanded Password System.  Images of beloved people, pets and familiar objects can help you feel comfortable, relaxed and even healed.

The torturous logins we have had to suffer for decades will be history.  And this bonus comes on top of the better balance of security and convenience made possible by the Expanded Password System (Whitepaper).

Mnemonic Security, Inc.

  • MassimoTornatore / April 15, 2017

    A passwordless cyberspace is a utopia for tyrants as well as criminals, bringing calamity to democracy.