What Our Episodic Memory Brings for Identity Assurance
Three big myths are rampant in the sphere of digital identity. These are ‘Higher security achieved by removal of password’, ‘Passwords killed by the biometrics that is dependent on passwords' and ‘Passwords displaced by PIN that is no more than a weak form of numbers-only password’.
Unraveling these myths, we come to the conclusions that we must look for something really valid in the sphere of ‘Non-Text Password’ and that the identity of 'citizens' cannot be separated from their volition and memory while the identity of 'things' can be handled only technologically.
Our own autobiographic memory, especially episodic memory, enables us to come up with the most reliable digital identity platform, bidding farewell to the unsafe and torturous identity proofing.
‘Text-Password’ is subordinate to ‘Password’
The word ‘password’ is poly-semantic and context-dependent. Sometimes it’s narrowly interpreted as ‘remembered text password’ and sometimes it’s taken broadly as ‘whatever we remember as secret credentials’. This situation drives some people to allege that the ‘text password’ is hard to manage so the ‘password’ should be removed from digital identity altogether by relying on ‘physical tokens’, ‘biometrics’ and ‘PIN’.
We could, however, draw a totally different observation from the same assumption that the text password is hard to manage. That is, the text password is hard to manage so we ought to think about ‘non-text passwords’ in our efforts towards an easier-to-manage and yet more secure password system.
Could the physical token be a solution to the password headache?
We do not need to take much space to explain the security effect of authentication by a physical token. This scheme may be enough.
This cartoon published14 years ago might also help.
Could biometrics solve the password headache?
Passwords and physical tokens can be deployed on their own and also with other authenticators in the security-enhancing ‘multi-layer’ method, whereas the biometrics cannot be deployed on its own. It can be deployed only in the security-lowering ‘multi-entrance’ method along with a fallback measure.
Biometrics used with a fallback measure (Password/PIN in most cases) provide the security lower than that of the fallback measure” as outlined in this video.
Houses with One Entrance and Two Entrances
Which house is easier to sneak into?
Alleging that biometrics which needs to rely on a password can displace the password is not different to alleging that a baby who needs to rely on its mother can displace the mother.
With so much money invested and so many products sold, it may be hard to admit ‘Biometrics has actually brought down security’. But an alternative fact cannot displace the fact for long.
Anyway, the number of possible combinations of authenticators would be reduced and the seemingly complicated situation would be much simpler when security-lowering biometrics gets removed from the security-oriented multi-factor authentication schemes.
Could PIN displace the password?
Some people thought of declaring that a PIN is not the password. Say, the password should be removed but the PIN could stay for use on its own or as a fallback measure for biometrics.
In this world where we live, PIN is no more than a weak form of numbers-only password. When the password (superordinate/generic concept) was removed, the PIN (subordinate/specific concept) has also been removed.
In a parallel world where those people live, the PIN (subordinate concept) can do what the password (superordinate concept) cannot do, as a paper-knife should be able to do something that the knife cannot do.
‘PIN-dependent Password-less Authentication’ may not be a day dream for them, but it is exactly a day dream.
Isn’t there something else?
Hard-to-break long password written on a memo?
- It belongs to the physical token that we had analyzed.
- It is hard to use multiple hard-to-break patterns without confusion.
ID federations like single-sign-on services and password management tools?
- Centralization creates a single point of failure. If modestly decentralized, multiple reliable master passwords are necessary.
- They need a reliable password as one of the factors for each scheme..
Why sticking to the memory of characters and numbers?
The part of our memory for characters and numbers, which we categorize as ‘text memory’ is just a small segment of our overall memory capacity.
We have a huge memory capacity for non-text memories – visual, audio, tactile, gustatory, olfactory, which have supported our history over hundreds of millions of years – besides the text memory humans acquired only hundreds of years ago among the large parts of the population.
Why don’t we think of making use of these deep-inscribed memory capacities, particular the visual memories? We know that the latest computers and phones are so good at handling visual images.
Among the image memories we could focus on the images linked to our autobiographic memory, episodic memory in particular.
Secret credentials made from episodic memory are ‘panic-proof’. Identity authentication measures practicable in panicky situation are easily practicable in everyday life. The reverse is not true.
Our Proposition - Make Use of Our Own Episodic Memory
In the matrix, there are several known images. We can easily find all of them right away. Or, rather, these known images jump into our eye. And, only we are able to select all of them correctly. This is Expanded Password System.
We can use both images and characters. It’s easy to manage the relation between accounts and the corresponding passwords. Comfortable and even fun.
The idea of using pictures for passwords is not new. It’s been around for more than two decades but the simple forms of pictorial passwords were not as useful as had been expected. Unknown pictures we manage to remember afresh are still easy to forget or get confused, if not as badly as random alphanumeric characters.
Expanded Password System is new in that it offers a choice to make use of known images that are associated with our autobiographic/episodic memories.
Since these images are the least subject to the memory interference, it enables us to manage dozens of unique strong passwords without reusing the same password across many accounts or carrying around a memo with passwords on it. And, handling memorable images makes us feel comfortable, relaxed and even healed. Torturous login is history.
Well, let us talk about some major problems that use of our own episodic memory enables us to solve.
Accounts & Corresponding Passwords
Being able to recall strong passwords is one thing. Being able to recall the relation between accounts and the corresponding passwords is another.
When unique matrices of images are allocated to different accounts, those unique image matrices will be telling you what images you should pick up as your password for this or that account.
When using images of our episodic memories, Expanded Password System will thus free us from the burden of managing the relation between accounts and the corresponding passwords.
Hard-to-break text passwords are hard-to-remember. But it’s not the fate of all the secret credential. It would be easily possible to safely manage many of high-entropy passwords with Expanded Password System that handles characters as images.
Each image or character is presented by the image identifier data which can be of any length. Assume that your password is “CBA123” and that the image ‘C’ is identified as X4s& eI0w, and so on.
When you input CBA123, the authentication data that the server receives is not the easy-to-break“CBA123”, but something like “X4s&eI0wdoex7RVb%9Ub3mJvk”, which could be automatically altered periodically or at each access where desired
So far, only texts have been accepted. It was, as it were, we have no choice but to walk up a long steep staircase. With Expanded Password System, we could imagine a situation that escalators and elevators are provided along with the staircase. Or, some of us could think of all those ladders we have for climbing in Donkey Kong.
Where we want to continue to use text passwords, we could opt to recall the remembered passwords, although the memory ceiling is very low, Most of us can manage only up to several of them.
We could opt to recognize the pictures remembered in stories where we want to reduce a burden of textual passwords. The memory ceiling is high, that is, we would be able to manage more and more of them.
Where we choose to make use of episodic image memory, we would only need to recognize the unforgettable images, say, known images. There is virtually no memory ceiling, that is, we would be able to manage as many passwords as we like, without any extra efforts.
Security of Brain-Computer/Machine-Interface
A simple brain-monitoring has a problem in security. The authentication data, if wiretapped by criminals, can be replayed for impersonation straight away. Therefore the data should desirably be randomized as the onetime disposable ones.
An idea is that the authentication system allocates random numbers or characters to the images shown to the users. The users focus their attention on the numbers or characters given to the images they had registered.
The monitoring system will collect the brain-generated onetime signals corresponding to the registered images. Incidentally, the channel for showing the pictures is supposed to be separate from the channel for brain-monitoring.
If intercepting successfully, criminals would be unable to impersonate the users because the intercepted data has been disposed of.
Stopgap 2-Factor Authentication
A very strong password supposed to not be remembered and written down on a memo should be viewed as 'what we have', definitely not 'what we remember', so it could be used as one of the two factors along with a remembered password.
We could then turn a boring legacy password system into a two factor authentication system at no cost, just by verifying two passwords at a time, one volitionally recalled and the other one physically possessed.
When those two different passwords are used as two factors, we could rely on the strength of a remembered password against physical theft and the strength of a physically possessed long password against brute force attack, although it is not as strong against wiretapping as token-based solutions armed with PKI or Onetime Password.
This configuration could be viewed just as a thought experiment or could actually be considered for practical application in between a single factor authentication and a costly heavily-armored 2-factor scheme, or, as a transition from the former to the latter.
It goes without saying that Expanded Password System could be brought in for generating a remembered high-entropy password.
Fighting Threats to Security and Democracy from Within
Where the digital identity platform was built without the secret credentials made from our memory, we would have to see the necessary level of security lost.
Where the secret credentials, for which our will/volition is indispensable, are removed from the digital identity platform, we would have to see erosion of democracy that our ancestors have won through heavy sacrifices.
On this front we are not optimistic; too few people are taking the correct course towards the correct objectives. Too many people, with professionals, researchers, politicians and journalists included, are badly distracted and straying off the course.
More and more people are expected to join our efforts.
< Related Articles >
I today take up this The Register report - “Client ...