Editorial

Why the password isn’t an enemy of people

Why eliminating passwords won’t solve the identity crisis

Posted 25 August 2021 by Christine Horton


Passwords are said to be too vulnerable to theft and too hard to manage. Many people talk as if the password were an enemy of people. Some people even allege that removal of the password would improve the security of digital identity.

Let us examine how valid such views are. It’s relevant to note that ‘password’ can be interpreted in two ways in different contexts. In some cases, it narrowly means conventional ‘text password’. In other cases, it broadly means the whole family of ‘secret credential’. I will be referring to the latter interpretation here.

Passwordless security is to cybersecurity what army-less defence is to national defence

“The army is so vulnerable to air attack. What is vulnerable to attack is detrimental to our defence. Therefore, we must remove the army so that we will have a stronger national defence.”

Hearing me mention the above, you might well think I am making a bad joke, since this proposition sounds too insane. I am, however, dead serious.

The army-less defence should be viewed as valid by people who believe in the merit of ‘passwordless’ authentication: “The password is so vulnerable to theft. What is vulnerable is detrimental. Therefore, we need to remove the password so that we will have a stronger identity security.”

In many of the password-removed authentication schemes, biometrics is supposed to play a big role. Let us examine whether and how it can displace the password.

Biometrics is to password what back door is to front door

Most, if not all, of the user devices come with a password/pin code authentication as a default login function. Most, if not all, of the user devices that come with a biometrics login accept the biometric login as well as the default password login.

Let me try to make the relation of the biometrics and the ‘default password’ clearer with the picture of a house with a front door of a deterministic password login, to which a back door of probabilistic biometrics login was added as another entrance.

Residents are required to use the seemingly convenient back door as the first choice for entry, until they get falsely rejected there by the probabilistic biometrics. The residents rejected at the backdoor would be required to try the front door of a deterministic password login. The correct residents with correct memory are expected to be accepted deterministically.

If the one-door house was not secure enough in the first place, the two-doored house is made even less secure. Bad guys, who are now given the chance to break the back door as well as the front door, can enjoy an increased attack surface., i.e., lowered defence.

Therefore the view that biometrics contributes to identity security is false.

Incidentally, what ‘being probabilistic’ means is that it cannot escape the trade-off between False Acceptance (false positive/false match) and False Rejection (false negative/false non-match) and therefore it cannot be used on its own without sacrificing the availability, whereas ‘being deterministic’ means that it can be used on its own.

Now we have come to confirm that removing the password would only make the matter worse. Can we only despair?

Non-text secret credentials

The secret credential (A) is made of the text credential (B) and the non-text credential (Non-B). The relationship between the three elements are illustrated below.

It is really a no-brainer question unless we are so reckless to assume that a safe and orderly societal life can exist without a solid identity assurance made possible by the solid secret credential.

Well, we propose that we can make use of our autobiographic memory. The identity authentication by ‘pleasant episodic image memory’ also enables us to:

(1)          Recognise dozens of different secret credentials effortlessly

(2)          Manage the correspondence between the accounts and the passwords

(3)          Regenerate cryptographic keys on-the-fly

(4)          Provide a solid defence against advanced persistent threats

Bring a healthy second life to legacy password systems

We do not have to replace or rebuild the existing text password systems for making use of episodic image memory; images of our episodic memory can be turned into a high-entropy code with a simple tweak.

All that we need to do is ensure that our password system accepts very long passwords, desirably hundreds of characters, for obtaining very high-entropy hashed values that can stand fierce brute force attacks.

Hitoshi Kokumai is managing director, Mnemonic Identity Solutions