SlideShare uma empresa Scribd logo

Cyber Predicament by Text-Only Password Systems

Transferir como DOCX, PDF
Hitoshi Kokumai
Hitoshi Kokumai

The document discusses the vulnerabilities of conventional password systems and proposes an alternative called the "Expanded Password System". It notes that passwords like "Iloveyou" and "1234" can easily be hacked. Current proposals to replace passwords, like biometrics or password managers, still rely on passwords and have their own flaws. The Expanded Password System turns low-entropy passwords into strong authentication, easing management burdens while deterring attacks and supporting existing schemes. It is being developed as an open standard and could provide a simple solution to password problems.

Internet
1 de 5
Cyber Predicament by Text-Only Password Systems Abstract It is obvious that we can no longer continue to rely on the conventional form of password systems. Nor can the conventional forms of deploying biometrics, ID-federations and multi-factor authentications that have relied on the conventional password, as a fallback means, a master-password and one of the factors respectively. However, we do not have to despair. There exists an incredibly simple solution to it, though little known to the public as yet. Password Predicament You are probably aware of the huge data breach that a student brought about in Germany. A NYT report on 8/Jan (*1) reads "A 20-year-old German student took advantage of passwords as weak as “ Iloveyou” and “1234” to hack into online accounts of hundreds of lawmakers and personalities whose political stances he disliked, officials revealed Tuesday, shaking Berlin’s political establishment and raising questions about data security in Europe’s leadingeconomy." If attacking the targets with the passwords such as "Iloveyou” and “1234” is like taking candy from a baby for a student, it must be like taking candy from a sleeping baby for organized criminals. What happened in Germany could no doubt have happened everywhereelse.
Half-baked Propositions We now anticipate that a number of security professionals will be yet more ardentlyurging people to 1. eliminate the use of passwords altogether, probably without mentioning that we would be thrown into a 1984-like dystopia when identity authentication happens without our knowledge or againstour will. 2. take up biometrics instead of passwords, probably without mentioning that the biometrics has to be deployed together with a password in a security-ruining'multi-entrance' method (*2). 3. adopt a password-manager, probably without mentioning that it comes with a risk of creating a single point of failure like putting all the eggs in a single basket and that a high-entropy password is indispensable as the master-password. 4. consider a multi-factor authentication, probably without mentioning that the password would be the last resort when something-to-possess is broken, left behind, lost copied and stolen. 5. throw away easy-to-remember passwords while neither writing down the passwords on a memo nor re-using the same passwords across many accounts, in other words, do what humans are unable to do. And, tech/biz media will be busy with yet more loudly spreading all those wrongor inaccurate perceptions and suggestions. However, the real picture is actually so plain and clear; the current password predicament is caused by the conventional password systems that do not allow people to use anything but numbers/characters.
Expansion of Password System There exists an incredibly simple solution to it. The existence of this solution is little known to the public as yet, though, largely because it does not offer big incentives to the people who have been advocating, endorsing and promoting the above (1) to (5) propositions. It is called ‘Expanded Password System’ and an OASIS project is progressing for the standardization in view of such desirable features as follows. - It is not only stress-free for users but fun to use, as opposed to the dread and overhead that come today with creating, memorizingand storing passwords - It turns a low-entropy password into high-entropy authenticationdata - It eases the burden of managing the relationship between accounts and passwords - It deters phishingattacks - It can be deployed under any type of circumstance, including combat - It supports existing schemes,such as: - Biometrics which require passwords as a fallback means - Two/multi-factor authentications that require passwords as one of the factors
- Federations such as password managers and single-sign-on services that require passwords as the master-password - Simple pictorial/emoji-passwords and patterns-on-grid can be deployed on this platform. - It is relevant whenever text passwords and pin numbers are in use - And, nothing would be lost for people who want to keep using text passwords - Last but not least, it continues to rely on free will. The proposition of Expanded Password System is in the ‘Draft Proposal’ stage at OASIS Open Projects (*3). Should you be concerned about the current status of identity assurance, you might be interested to keep an eye on it and help us where possible.
Footnote *1 German Man Confesses to Hacking Politicians’ Data, Officials Say https://www.nytimes.com/2019/01/08/world/europe/germany-hack ing-arrest.html *2 Horrific Distinction between ‘Multi-Layer’ and ‘Multi-Entrance’ Deployments https://www.linkedin.com/pulse/horrific-distinction-between-mult i-layer-deployments-hitoshi-kokumai *3 Draft Charter https://docs.google.com/document/d/1lHFWGMmFHN4xwm9q6aj Q1vZtFFaKNNgHJKHMnvcNS0s/edit#

Recomendados

Microsoft warns of potential attacks
Microsoft warns of potential attacksMicrosoft warns of potential attacks
Microsoft warns of potential attacksJohn Davis
 
Steven Leahy_IT 543_Unit 1 Assignment
Steven Leahy_IT 543_Unit 1 AssignmentSteven Leahy_IT 543_Unit 1 Assignment
Steven Leahy_IT 543_Unit 1 AssignmentSteven Leahy
 
Whitelaw_CV
Whitelaw_CVWhitelaw_CV
Whitelaw_CVBrian Whitelaw
 
UW School of Medicine Social Engineering and Phishing Awareness
UW School of Medicine Social Engineering and Phishing AwarenessUW School of Medicine Social Engineering and Phishing Awareness
UW School of Medicine Social Engineering and Phishing AwarenessNicholas Davis
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Cyber Privacy & Password Protection
Cyber Privacy & Password ProtectionCyber Privacy & Password Protection
Cyber Privacy & Password ProtectionNikhil D
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - KloudlearnKloudLearn
 
IT for Managers
IT for ManagersIT for Managers
IT for ManagersPramod P Nair
 

Recomendados

Microsoft warns of potential attacks
Microsoft warns of potential attacksMicrosoft warns of potential attacks
Microsoft warns of potential attacksJohn Davis
 
Steven Leahy_IT 543_Unit 1 Assignment
Steven Leahy_IT 543_Unit 1 AssignmentSteven Leahy_IT 543_Unit 1 Assignment
Steven Leahy_IT 543_Unit 1 AssignmentSteven Leahy
 
Whitelaw_CV
Whitelaw_CVWhitelaw_CV
Whitelaw_CVBrian Whitelaw
 
UW School of Medicine Social Engineering and Phishing Awareness
UW School of Medicine Social Engineering and Phishing AwarenessUW School of Medicine Social Engineering and Phishing Awareness
UW School of Medicine Social Engineering and Phishing AwarenessNicholas Davis
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Cyber Privacy & Password Protection
Cyber Privacy & Password ProtectionCyber Privacy & Password Protection
Cyber Privacy & Password ProtectionNikhil D
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - KloudlearnKloudLearn
 
IT for Managers
IT for ManagersIT for Managers
IT for ManagersPramod P Nair
 
How To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and TrainingHow To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and TrainingLondon School of Cyber Security
 
Heartbleed
HeartbleedHeartbleed
HeartbleedSusan Allor
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Titas Ahmed
 
Β. Hucking
Β. Hucking Β. Hucking
Β. Hucking Athina MINAIDI
 
36 44 Final
36 44 Final36 44 Final
36 44 Finalmeraz rizel
 
thesis 36 44 Final
thesis 36 44 Finalthesis 36 44 Final
thesis 36 44 Finalmeraz rizel
 
36.44.final
36.44.final36.44.final
36.44.finalmeraz rizel
 
ethical hacking report
ethical hacking report ethical hacking report
ethical hacking reportAkhilesh Patel
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyTentacle Cloud
 
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxPhishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxM Nadeem Qazi
 
Building a culture of security
Building a culture of securityBuilding a culture of security
Building a culture of securityCourion Corporation
 
Multi Factor Authentication
Multi Factor AuthenticationMulti Factor Authentication
Multi Factor AuthenticationPing Identity
 
Knowbe4 presentation
Knowbe4 presentationKnowbe4 presentation
Knowbe4 presentationMd Mofijul Haque
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comBusiness.com
 
Compilation of phishing and keylogger attacks
Compilation of phishing and keylogger attacksCompilation of phishing and keylogger attacks
Compilation of phishing and keylogger attacksArrayShield Technologies Private Limited
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internetAlexander Decker
 
Malta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewMalta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewFabian Borg
 
Why do women love chasing down bad guys?
Why do women love chasing down bad guys? Why do women love chasing down bad guys?
Why do women love chasing down bad guys? SITA
 
Security threats and attacks in cyber security
Security threats and attacks in cyber securitySecurity threats and attacks in cyber security
Security threats and attacks in cyber securityShri ramswaroop college of engineering and management
 
Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password SystemHitoshi Kokumai
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authenticationHai Nguyen
 

Mais conteúdo relacionado

Mais procurados

Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Titas Ahmed
 
thesis 36 44 Final
thesis 36 44 Finalthesis 36 44 Final
thesis 36 44 Finalmeraz rizel
 
ethical hacking report
ethical hacking report ethical hacking report
ethical hacking reportAkhilesh Patel
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyTentacle Cloud
 
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxPhishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxM Nadeem Qazi
 
Multi Factor Authentication
Multi Factor AuthenticationMulti Factor Authentication
Multi Factor AuthenticationPing Identity
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comBusiness.com
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internetAlexander Decker
 
Malta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewMalta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewFabian Borg
 
Why do women love chasing down bad guys?
Why do women love chasing down bad guys? Why do women love chasing down bad guys?
Why do women love chasing down bad guys? SITA
 

Mais procurados (20)

How To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and TrainingHow To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and Training
 
Heartbleed
HeartbleedHeartbleed
Heartbleed
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
 
Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce
 
Β. Hucking
Β. Hucking Β. Hucking
Β. Hucking
 
36 44 Final
36 44 Final36 44 Final
36 44 Final
 
thesis 36 44 Final
thesis 36 44 Finalthesis 36 44 Final
thesis 36 44 Final
 
36.44.final
36.44.final36.44.final
36.44.final
 
ethical hacking report
ethical hacking report ethical hacking report
ethical hacking report
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data Effectively
 
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxPhishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
 
Building a culture of security
Building a culture of securityBuilding a culture of security
Building a culture of security
 
Multi Factor Authentication
Multi Factor AuthenticationMulti Factor Authentication
Multi Factor Authentication
 
Knowbe4 presentation
Knowbe4 presentationKnowbe4 presentation
Knowbe4 presentation
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.com
 
Compilation of phishing and keylogger attacks
Compilation of phishing and keylogger attacksCompilation of phishing and keylogger attacks
Compilation of phishing and keylogger attacks
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internet
 
Malta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewMalta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interview
 
Why do women love chasing down bad guys?
Why do women love chasing down bad guys? Why do women love chasing down bad guys?
Why do women love chasing down bad guys?
 
Security threats and attacks in cyber security
Security threats and attacks in cyber securitySecurity threats and attacks in cyber security
Security threats and attacks in cyber security
 

Semelhante a Cyber Predicament by Text-Only Password Systems

Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password SystemHitoshi Kokumai
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authenticationHai Nguyen
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authenticationHai Nguyen
 
More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)Hitoshi Kokumai
 
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolIJERD Editor
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Kimberley Dray
 
Design and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA CryptosystemDesign and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA CryptosystemAM Publications,India
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_faHai Nguyen
 
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...Hitoshi Kokumai
 
Strong Authentication in Cyberspace 8 key principles for policymakers
Strong Authentication in Cyberspace 8 key principles for policymakersStrong Authentication in Cyberspace 8 key principles for policymakers
Strong Authentication in Cyberspace 8 key principles for policymakersMark Gibson
 
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...ADEIJ Journal
 
IRJET- Honeywords: A New Approach for Enhancing Security
IRJET- Honeywords: A New Approach for Enhancing SecurityIRJET- Honeywords: A New Approach for Enhancing Security
IRJET- Honeywords: A New Approach for Enhancing SecurityIRJET Journal
 
®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docxLynellBull52
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewSTO STRATEGY
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...
IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...
IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...IRJET Journal
 
Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Fego Ogwara
 
Brafton White Paper Example
Brafton White Paper ExampleBrafton White Paper Example
Brafton White Paper ExampleKayla Perry
 

Semelhante a Cyber Predicament by Text-Only Password Systems (20)

Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password System
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authentication
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authentication
 
More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)
 
OlgerHoxha_Thesis_Final
OlgerHoxha_Thesis_FinalOlgerHoxha_Thesis_Final
OlgerHoxha_Thesis_Final
 
Smart Password
Smart PasswordSmart Password
Smart Password
 
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication Protocol
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019
 
Design and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA CryptosystemDesign and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA Cryptosystem
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
 
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
 
Strong Authentication in Cyberspace 8 key principles for policymakers
Strong Authentication in Cyberspace 8 key principles for policymakersStrong Authentication in Cyberspace 8 key principles for policymakers
Strong Authentication in Cyberspace 8 key principles for policymakers
 
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
 
IRJET- Honeywords: A New Approach for Enhancing Security
IRJET- Honeywords: A New Approach for Enhancing SecurityIRJET- Honeywords: A New Approach for Enhancing Security
IRJET- Honeywords: A New Approach for Enhancing Security
 
®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...
IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...
IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...
 
Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...
 
Brafton White Paper Example
Brafton White Paper ExampleBrafton White Paper Example
Brafton White Paper Example
 

Mais de Hitoshi Kokumai

Image-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxImage-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxHitoshi Kokumai
 
Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Hitoshi Kokumai
 
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022Hitoshi Kokumai
 
Fend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic MemoryFend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic MemoryHitoshi Kokumai
 
Bring healthy second life to legacy password system
Bring healthy second life to legacy password systemBring healthy second life to legacy password system
Bring healthy second life to legacy password systemHitoshi Kokumai
 
Intriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneIntriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneHitoshi Kokumai
 
Updated: Presentation with Scripts at CIW2018
Updated: Presentation with Scripts at CIW2018Updated: Presentation with Scripts at CIW2018
Updated: Presentation with Scripts at CIW2018Hitoshi Kokumai
 
Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Hitoshi Kokumai
 
Updated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and MemoryUpdated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and MemoryHitoshi Kokumai
 
Deployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BDeployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BHitoshi Kokumai
 
Help unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHelp unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHitoshi Kokumai
 
Expanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity AssuranceExpanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity AssuranceHitoshi Kokumai
 

Mais de Hitoshi Kokumai (12)

Image-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxImage-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptx
 
Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)
 
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
 
Fend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic MemoryFend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic Memory
 
Bring healthy second life to legacy password system
Bring healthy second life to legacy password systemBring healthy second life to legacy password system
Bring healthy second life to legacy password system
 
Intriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneIntriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to One
 
Updated: Presentation with Scripts at CIW2018
Updated: Presentation with Scripts at CIW2018Updated: Presentation with Scripts at CIW2018
Updated: Presentation with Scripts at CIW2018
 
Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018
 
Updated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and MemoryUpdated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and Memory
 
Deployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BDeployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63B
 
Help unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHelp unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guideline
 
Expanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity AssuranceExpanded password system - Reliable Identity Assurance
Expanded password system - Reliable Identity Assurance
 

Último

20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasDigicorns Technologies
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Balliameghakumariji156
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsMonica Sydney
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...meghakumariji156
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsPriya Reddy
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查ydyuyu
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理F
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理F
 

Último (20)

20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 

Cyber Predicament by Text-Only Password Systems

  • 1. Cyber Predicament by Text-Only Password Systems Abstract It is obvious that we can no longer continue to rely on the conventional form of password systems. Nor can the conventional forms of deploying biometrics, ID-federations and multi-factor authentications that have relied on the conventional password, as a fallback means, a master-password and one of the factors respectively. However, we do not have to despair. There exists an incredibly simple solution to it, though little known to the public as yet. Password Predicament You are probably aware of the huge data breach that a student brought about in Germany. A NYT report on 8/Jan (*1) reads "A 20-year-old German student took advantage of passwords as weak as “ Iloveyou” and “1234” to hack into online accounts of hundreds of lawmakers and personalities whose political stances he disliked, officials revealed Tuesday, shaking Berlin’s political establishment and raising questions about data security in Europe’s leadingeconomy." If attacking the targets with the passwords such as "Iloveyou” and “1234” is like taking candy from a baby for a student, it must be like taking candy from a sleeping baby for organized criminals. What happened in Germany could no doubt have happened everywhereelse.
  • 2. Half-baked Propositions We now anticipate that a number of security professionals will be yet more ardentlyurging people to 1. eliminate the use of passwords altogether, probably without mentioning that we would be thrown into a 1984-like dystopia when identity authentication happens without our knowledge or againstour will. 2. take up biometrics instead of passwords, probably without mentioning that the biometrics has to be deployed together with a password in a security-ruining'multi-entrance' method (*2). 3. adopt a password-manager, probably without mentioning that it comes with a risk of creating a single point of failure like putting all the eggs in a single basket and that a high-entropy password is indispensable as the master-password. 4. consider a multi-factor authentication, probably without mentioning that the password would be the last resort when something-to-possess is broken, left behind, lost copied and stolen. 5. throw away easy-to-remember passwords while neither writing down the passwords on a memo nor re-using the same passwords across many accounts, in other words, do what humans are unable to do. And, tech/biz media will be busy with yet more loudly spreading all those wrongor inaccurate perceptions and suggestions. However, the real picture is actually so plain and clear; the current password predicament is caused by the conventional password systems that do not allow people to use anything but numbers/characters.
  • 3. Expansion of Password System There exists an incredibly simple solution to it. The existence of this solution is little known to the public as yet, though, largely because it does not offer big incentives to the people who have been advocating, endorsing and promoting the above (1) to (5) propositions. It is called ‘Expanded Password System’ and an OASIS project is progressing for the standardization in view of such desirable features as follows. - It is not only stress-free for users but fun to use, as opposed to the dread and overhead that come today with creating, memorizingand storing passwords - It turns a low-entropy password into high-entropy authenticationdata - It eases the burden of managing the relationship between accounts and passwords - It deters phishingattacks - It can be deployed under any type of circumstance, including combat - It supports existing schemes,such as: - Biometrics which require passwords as a fallback means - Two/multi-factor authentications that require passwords as one of the factors
  • 4. - Federations such as password managers and single-sign-on services that require passwords as the master-password - Simple pictorial/emoji-passwords and patterns-on-grid can be deployed on this platform. - It is relevant whenever text passwords and pin numbers are in use - And, nothing would be lost for people who want to keep using text passwords - Last but not least, it continues to rely on free will. The proposition of Expanded Password System is in the ‘Draft Proposal’ stage at OASIS Open Projects (*3). Should you be concerned about the current status of identity assurance, you might be interested to keep an eye on it and help us where possible.
  • 5. Footnote *1 German Man Confesses to Hacking Politicians’ Data, Officials Say https://www.nytimes.com/2019/01/08/world/europe/germany-hack ing-arrest.html *2 Horrific Distinction between ‘Multi-Layer’ and ‘Multi-Entrance’ Deployments https://www.linkedin.com/pulse/horrific-distinction-between-mult i-layer-deployments-hitoshi-kokumai *3 Draft Charter https://docs.google.com/document/d/1lHFWGMmFHN4xwm9q6aj Q1vZtFFaKNNgHJKHMnvcNS0s/edit#