Author: HItoshi Kokumai

Shall we start from these observations? – No safe and orderly societal life would exist without solid identity assurance. No solid identity assurance would exist without solid secret credential for identity authentication, whereas the text-password as a conventional secret credential is no longer manageable. Then, we will naturally get to the view that we could and should look to ‘Non-Text’ secret credential as illustrated below. Episodic Memory and Its Impacts on Digital Identity We advocate a wise use of our episodic image memory as the source of the non-text secret credential. It plays a big role in multiple aspects; it…

Pandemic-resistant Teleworking – We started to use this phrase five years ago as a use case of Expanded Password System that provides ‘hard-to-forget’, ‘hard-to-break’ and ‘panic-proof’ digital identity authentication platform, though it was no more than a hypothetical statement at that time.  We now witness the pandemic assaulting us before we get ready.  We were unfortunately late for the current Covid-19. When, not if, the next one hits us in 5, 10 or 20 years ahead, humans will probably be yet more heavily dependent on Digital Identity.  We or our successors will hopefully be able to make a meaningful contribution…

In the earlier article “Secrity, Democracy And Digital Identity” , we made clear that we should look for ‘something other than the text password’ in the domain of ‘Secret Credentials’ and referred to the proposition of Expanded Password System.  We would like to talk more about what Expanded Password System specifically offers in this article.  What our Remembrance Brings for Digital Identity  In the matrix below, there are several known images. We can easily find all of them right away. Or, rather, these known images jump into our eye.  And, only we are able to select all of them correctly. This is Expanded…

Security, Democracy and Digital Identity We are facing several grave threats, some real and imminent, some theoretical or imaginary.  At the top of the imminent threats list is probably the climate change, which is also viewed as an existential risk. We could be somewhat hopeful on this threat; thousands of professionals and politicians debating how to avert the catastrophe, millions of volunteers endeavoring to awaken the population about its gravity and billions of people already aware of this problem to some extent, say, things moving apparently in the correct direction if not as fast as it should, despite a pocket…

We are witnessing a critical turning point in the history of identity assurance – transition from the time-honored seals, autographs and textual passwords towards Expanded Password System. The worst part of the global password predicament will melt away when people are offered a broader password choice. Expanded Password System that we advocate accepts images as well as texts and brings an identity authentication that is secure and yet stress-free. It is being recognized by an increasing number of identity and security professionals and is now in the stage of ‘Draft Proposal’ of OASIS Open Projects. Quite a few people, however,…

People who enjoy handling images will gain better security and convenience. The only extra effort required is to get the images registered. But people already do that across social media platforms and seem to love it. So far, only texts have been accepted. It was, as it were, we have no choice but to walk up a long steep staircase. With Expanded Password System, we could imagine a situation that escalators and elevators are provided along with the staircase. Or, some of us could think of all those ladders we have for climbing in Donkey Kong. Where we want to…

Caveats about ‘Password’ Sometimes the word ‘Password’ is narrowly interpreted as ‘remembered text password’ and sometimes it’s taken broadly as ‘whatever we remember for authentication’. We are of the view that it would be desirable to define ‘Password’ broadly enough. As a denotational definition, it could be ‘Whatever we remember and recall volitionally for identity authentication. As a connotation, it could be “A shared secret known only by two consenting parties. The secret will be submitted by one party to the other on request. It is used to verify legitimate access to an asset of shared interest.” (This is suggested…

– Takeaways from Consumer Identity World USA 2018 – Introduction The so-called password-less authentication, if implemented literally, would lead us to a world where we are deprived of the chances and means to get our volition confirmed in having our identity authenticated. It would be a 1984-like world. The values of democratic societies are not compatible. Some people allege that passwords can and will be eliminated by biometrics or PIN. But logic tells that it can never happen because the former requires a password/PIN as a fallback means and the latter is no more than the weakest form of numbers-only…

Summary In an earlier article we briefly referred to Expanded Password System (EPS) that accepts both images and texts as the shared secrets. The proposition of EPS is now acknowledged as a ‘Draft Proposal’ for OASIS Open Projects that OASIS has recently launched as a new standardization program. We have publicized an EPS draft specification there. The EPS is also among the topics to be discussed in Seattle (19-21/September) and Amsterdam (29-31/October) at KuppingerCole’s Consumer Identity World 2018, Besides talking about the EPS as a speaker, the writer will also take part in panel discussions about biometrics and multi-factor authentications.…

– Biometrics Co-Used with Password – On a number of tech media still circulating so rampantly are confused reports about the password and biometrics deployed in cyberspace. We could assume that the people who circulate the befuddled perception may well have mixed up the following two views. A: Biometrics brings some security (better than nothing). B: Biometrics brings the security better than a password. A is correct but B is a fallacy. Logic tells that biometrics deployed with a backup/fallback password brings down the security of password protection, offering better convenience to users and criminals alike, as shown in this…