Global Headquarters in United Kingdom
Having been talking for some time about the headquarters to be set up for global operations of Expanded Password System (EPS), we have now chosen UK as the venue in view of its reputed R&D infrastructure.
We are putting together diverse brains from multiple disciplines - psychology, sociology, behavioral economics as well as tamper-proof programming, cryptography and other security-intelligence technologies in the common language in view of our mission of globally promoting identity assurance by our own volition and memory for secure digital identity in post-pandemic cyberspace,
The aim of our enterprise is to make EPS solutions readily available to all the global citizens: rich and poor, young and old, healthy and disabled, literate and illiterate, in peace and in disasters.
Here is a summary and brief history of Expanded Password System since 2000 when I first thought of making use of our episodic image memory for identity authentication. Key references are mentioned in it.
Identity Assurance - Sufficient and Necessary Conditions
It is not easy to define the 'sufficient condition' for describing a set of processes used to establish that a natural person is real, unique, and identifiable; criminals keep coming up with hitherto unknown weapons to compromise the said processes.
But we are easily able to define the 'necessary condition'; it is that the 'secret credential', i.e., the likes of passwords, is absolutely indispensable for the processes to stay reliable.
Let us summarize the characteristics of the factors for the processes, namely, the authenticators, as follows.
1. Secret credentials are absolutely indispensable, without which identity assurance would be a disaster. (Ref. Removal of Passwords and Its Security Effect )
2. Two-factor authentication made of passwords and tokens provides a higher security than a single-factor authentication of passwords or tokens. (Ref. Quantitative Examination of Multiple Authenticator Deployment )
3. Pseudo two-factor authentication made of biometrics and a password brings down the security to the level lower than a password-alone authentication. (Ref. Negative Security Effect of Biometrics Deployed in Cyberspace )
4. Passwords are the last resort in such emergencies where we are naked and injured (Ref. Availability-First Approach ）
5. We could consider expanding the password systems to accept both images and texts to drastically expand the scope of secret credentials. (Ref. Proposition on How to Build Sustainable Digital Identity Platform )
We could add the following.
‘Easy-to-Remember’ is one thing. Hard-to-Forget’ is another - The observation that images are easy to remember has been known for many decades; it is not what we discuss. What we discuss is that ‘images of our emotion-colored episodic memory’ is ‘Hard to Forget’ to the extent that it is ‘Panic-Proof’. This feature makes the applied solutions deployable in any demanding environments for any demanding use cases, with teleworking in stressful situations like pandemic included.