I was given good chances to have a lot of meaningful discussions in Seattle and Amsterdam at Consumer Identity World 2018 In all I posted the following 5 articles on LinkedIn over the two conferences.
- Four Puzzling Issues of Identity Authentication
- Questions and Answers - Expanded Password System and Related Issues
- Presentation at KuppingerCole's Consumer Identity World 2018 Europe
- Takeaways from Consumer Identity World Europe 2018
- Targeted/Spear Phishing and Expanded Password System
This article is a short summary of the above as well as the earlier discussions at OASIS.
When we say 'The door is weak', it could mean two things - 'The door panel is weak' and 'The lock/key system is weak.' Enhancing the former does not make an alternative to enhancing the latter, and vice versa. And, needless to say, throwing away the weak lock/key is not an alternative to solving the problem of weak lock/key system. Our proposition is meant to provide a solution to the equivalent of the weak lock/key problem in the sphere of digital identity.
<Confirmation of URLs >
https://www.slideshare.net/HitoshiKokumai/updated-presentation-with-scripts-at-ciw2018-122968273
https://www.linkedin.com/in/hitoshikokumai/detail/recent-activity/posts/
Scanning the Internet for External Cloud Exposures via SSL Certs
Updated Summary of Expanded Password System
1. Expanded Password System
Summary Updated
Introduction
Security of the real/cyber-fused society hinges on “Assured Identity”, which
hinges on “Shared Secrets” in cyberspace. The text password has been the
shared secrets for many decades. It is now obvious that the conventional
character password no longer suffices. We urgently need a successor to the
text password.
We propose Expanded Password System (EPS) that accepts both
images/pictures and texts/characters as outlined in
https://www.slideshare.net/HitoshiKokumai/updated-presentation-with-scri
pts-at-ciw2018-122968273
Objectives and Features
The conventional password is hated as everybody agrees, whereas the
volitional password is absolutely necessary, since it would be a 1984-like
Dystopia when authentication of our identity happens without our
knowledge or against our will. These observations lead us to one conclusion,
that is, we have to find the sort of password system that is not hated. Logic
tells that there can be no other choice.
We propose Expanded Password System that has the following features.
- It is not only stress-free but offers joy and fun
- It enables us to turn a low-entropy password into a high-entropy
authentication data
2. - It relieves us from the burden of managing the relation between accounts
and the corresponding passwords
- It deters phishing attacks that have so far been very hard to defend
- It can be deployed in panicky situations
- It is supportive of
- Biometrics that require passwords as a fallback means against false
rejection
- Two/multi-factor authentications that require passwords as one of the
factors
- ID federations such as password managers and single-sign-on services
that require passwords as the master-password
- Simple pictorial/emoji-passwords and patterns-on-grid that can all be
deployed on our platform
- Its applications can be found wherever people have been using text
passwords and numerical PINs
- And, nothing would be lost for the people who want to keep using textual
passwords
- Lastly but not the least, it is democracy-compatible by way of providing the
chances and means to get our own volition confirmed in our identity
assurance.
When we say 'The door is weak', it could mean two things - 'The door panel is
weak' and 'The lock/key system is weak.' Enhancing the former does not
make an alternative to enhancing the latter, and vice versa. And, needless to
say, throwing away the weak lock/key is not an alternative to solving the
problem of weak lock/key system. Our proposition is meant to provide a
solution to the equivalent of the weak lock/key problem in the sphere of
digital identity.
Security of the real/cyber-fused society hinges on “Assured Identity”, which
hinges on “Shared Secrets” in cyberspace. Expanded Password System is
expected to provide the “Shared Secrets” in the most reliable way and
thereby makes the basic and comprehensive platform of identity assurance
on which all the security structures and digital services can be sustainably
maintained.
3. Remarks: I was given good chances to have a lot of exciting and meaningful
discussions in Seattle and Amsterdam.at Consumer Identity World 2018 . In
all, I posted the following 5 articles on LinkedIn over the two conferences.
- Four Puzzling Issues of Identity Authentication
- Questions and Answers - Expanded Password System and Related Issues
- Presentation at KuppingerCole's Consumer Identity World 2018 Europe
- Takeaways from Consumer Identity World Europe 2018
- Targeted/Spear Phishing and Expanded Password System
https://www.linkedin.com/in/hitoshikokumai/detail/recent-activity/posts/
This article is the concise summary of the above and the earlier discussions
at OASIS.