History, Current Status and Future Scenarios of Expanded Password System

Future Scenarios of Expanded Password System

Passwords are so hard to manage that some people are urging the removal of passwords from digital identity altogether. What would happen, then, if the password is removed from our identity assurance?

If the password were removed, security providers would be left with only the physical token and biometrics as authentication factors, and biometrics requires a fallback measure against false rejection. With the password removed, nothing but the token could serve as the fallback measure for biometrics. System designers would then have only the following two choices.

(1) Authentication by the token alone, with an option of adding another token. Its security effect is highlighted in this cartoon we published 14 years ago.

(2) Authentication by biometrics deployed in the ‘multi-entrance’ method with the token as a fallback measure, with an option of adding another token. Its security is lower than that of (1), whatever it may be called, as quantitatively explained here.

What a barren desert it would be!

More significantly, password-less authentication (that is, will/volition-less authentication) is not consistent with the values of democracy. It would be a 1984-like dystopia if our identity were authenticated without our knowledge or against our will.

Then What Else?

‘Achieving higher security by removing the password’ and ‘Killing the password by biometrics’ are both no more than hyped myths. Then, what else can we look to as a valid solution to the predicament of digital identity?

The answer is expanding the password system to accept credentials based on our non-text memories as well as our text memories. We call this proposition the ‘Expanded Password System’.

By accepting non-text memories, especially images associated with autobiographic/episodic memories, the Expanded Password System is able to offer a number of excellent features as follows.

– It is not only stress-free for users but fun to use.

– It turns a low-entropy password into high-entropy authentication data.

– It eases the burden of managing the relationship between accounts and passwords

– It deters phishing attacks with this unique feature.

– It can be deployed under any type of circumstance, including combat and other panicky situations.

– It supports existing schemes, such as:

– – Biometrics which require passwords as a fallback means

– – Two/multi-factor authentications that require passwords as one of the factors

– – ID Federations such as password managers and single-sign-on services that require passwords as the master-password

– Simple pictorial/emoji-passwords and patterns-on-grid can be deployed on this platform.

– It is relevant whenever text passwords and PIN numbers are in use.

– And, nothing would be lost for people who want to keep using text passwords

– Last but not least, it continues to rely on free will.

History and Current Status

The concept of the Expanded Password System first came up in 2000. It was followed by prototyping in 2001 and commercial implementations from 2003. The history is outlined in this article: How Expanded Password System got this way.

Over the period of 2003 to 2008, the business was actually successful. We saw several commercial adoptions amounting to more than US$1 million, even though handling images was a much heavier task in those days, when CPUs were slow, bandwidth narrow and storage expensive.

It then ceased to grow as people were more and more carried away by the myths of biometrics and password-less authentication, which the advocates alleged would kill passwords altogether, our proposition included, although we knew that biometrics have to depend on the password as a fallback measure and that password-less authentication, if literally implemented, would only bring about a tragically insecure cyberspace.

After struggling in vain to fight back for several years, we chose to get out of Japan, where biometrics vendors were far more dominant than anywhere else, and started to look for bigger chances worldwide. Now, we have some good friends and supporters globally. The writer was invited to speak at KuppingerCole’s Consumer Identity World 2018 in Seattle and Amsterdam. Expanded Password System is now acknowledged as a ‘Draft Proposal’ for OASIS Open Projects.

As indicated above, we had come up with not just prototypes but also several commercial products developed for Japanese clients, as follows:

Client Software for

– Device Login (commercial implementation)

– Applications Login (prototype)

– Image-to-Code Conversion (prototype)

Server Software for

– Online-Access (commercial implementation)

– 2-Factor Scheme (commercial implementation)

– Open ID Compatible (prototype)

Applied Products: Data Encryption with on-the-fly key generation

– Single & Distributed Authority (commercial implementation)

None of them, however, is well suited for service and sales on the global market, since the programs were all written by Japanese engineers for Japanese clients with no consideration of operation, support and maintenance outside Japan.

This also means, however, that we will be able to come up with products for the global market easily and quickly with a relatively small budget, because the algorithms are already here and all that we need to do is to re-write the software in English with updated cryptography.

For a brief glimpse of what Expanded Password System can offer, watch these brief videos.

Basic Operation – on Smartphone (1m41s)

High-Security Operation – local on PC (4m28s)

Capture and registration of pictures – mapping to long PIN Codes (1m26s)

Readers might also be interested in this comprehensive FAQ.

Future Scenarios

In view of the global nature of our enterprise, we are planning to set up the headquarters in an English-speaking country where we have easy access to sufficient business and technological resources.

Identity/security-related businesses that are interested in sharing the benefits of Expanded Password System could choose one or more of the scenarios listed below.

1.  Become one of the co-founders of a new business entity that we are going to set up as the global headquarters.

2.  Secure a highly privileged status by joining our team at OASIS Open Projects as a voting sponsorship member.

3.  Secure some advantageous position by taking part in the active discussions at the OASIS Projects as a non-voting member.

4.  Consider other scenarios depending on their aspiration and budget.

* All would depend on their judgement on

– how large or small the enterprise of the now-unknown Expanded Password System could grow and how long or short it could survive and sustain,

– as compared with the now-popular propositions such as ‘password-less authentication’, ‘biometrics as a password-killer’ and ‘physical tokens as a password-killer’,

– as a legitimate successor to the traditional seals, autographs and text-passwords, bearing it in mind that this enterprise could keep a value for social good until humans abandon the digital identity altogether.

By Hitoshi Kokumai
