
How to Strengthen Password Security Using Brain Memory

Written by Unity
5 months ago

Passwords are indispensable in this modern world.

Some companies are creating hype to kill passwords for good. They recommend that customers go passwordless. They are toying with the idea of "always logged in" and referring to it as "passwordless."

In simple words, some companies are encouraging you to keep your authentication credentials saved on your devices. If your devices are stolen and the screen lock passwords are removed, all your "passwordless" online accounts are in the hands of the thieves.

That is how the authentication credentials for multiple online accounts saved on your mobile device, say for your cryptocurrency exchanges and wallets, can be stolen or lost along with the device.

Today, I will share with you a simple yet very robust technique to safeguard multiple accounts without spending a single penny on any software, such as a password manager, or on any paid cloud security services, which are prone to more hacking attacks.


Why are password managers prone to hacking?

  • A password is a text string that is set together with a username to authenticate the person who logs in to a computer or server. The longer and more complex the password string, the stronger the password is.

Password managers are software that can provide you with facilities to create many complex passwords for multiple accounts. All generated passwords are protected by a single password called the master password.

There are both offline and online password managers. The online password managers provide server-based services to manage multiple passwords with a master password. The offline password managers are software installable on users' computers for creating and managing passwords.

Whatever its form, the security of a password manager depends solely on the master password, which is a single point of failure and an easy target for attack.

  • If hackers can steal the master password, all the authentication credentials of the users are in the hands of the hacker. Thus, the users will lose access to all of their cyber accounts.

Therefore, password managers can NOT provide you with the security you need.


Know how traditional password security systems function

Before starting with the security solution, let us understand in simple words how a password security system works on a computer or a server. I share a screenshot from one of my tutorial presentations on everyday cybersecurity.

Graphics 01: Screenshot of my slide "What is a Password?".

Thus, in simple words, we learn about a computational operation called the "hash" function, which is applied to the entered password. The computer system permits access if the "hash" of the entered password matches the stored "hash" of the user-created password.

Otherwise, it rejects access.


How to safeguard passwords using your brain memory

  • Nobody can deny that the memory of our brains is the safest place to store secret credentials. The brain memory is primarily used to store all our secret and private information.

It is widely known that password managers come as a solution to help us not overtax the brain to store very long and complex passwords. But, the single master password can be a single point of failure and serve as an easy security hole for the hackers.

  • My solution to this problem is not complex. Just follow the step described below and improve the security of your passwords in a significant way.


Use brain memory to store a part of the password

The steps are really pretty simple. Anybody can do it. No expertise in computing is necessary. Even your granny or grandpa can do it.

I add "salt" text (second part) to a complex password (first part) to strengthen password security. I like to call it quasi two-factor authentication (quasi-2FA) or static two-factor authentication (static-2FA).

Graphics 02: Screenshot of my slide "Taking help of brain memory is the safest".

The resulting "hash" of the composite password (1st part + 2nd part "salt") will differ from the "hash" of the very long and complex password (1st part) alone.

Thus, we can create simple "salt" text strings and memorize them, recalling them from brain memory when authenticating the account with the composite password.
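An added example (not from the original article) of the hash comparison described above, showing that the written part alone is rejected once the composite password is registered. The random server-side salt used here is the standard cryptographic one and is distinct from the memorized text the article calls "salt"; the sample values, PBKDF2 parameters and function names are assumptions for illustration.

```python
import hashlib
import hmac
import math
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def register(password: str) -> tuple[bytes, bytes]:
    """Return (server_salt, stored_hash); the password itself is never stored."""
    server_salt = os.urandom(16)  # random per-account salt chosen by the server
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), server_salt,
                                 PBKDF2_ITERATIONS)
    return server_salt, digest


def verify(attempt: str, server_salt: bytes, stored_hash: bytes) -> bool:
    """Hash the attempt the same way and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), server_salt,
                                 PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, stored_hash)


def added_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on entropy added by a memorized part (if chosen at random)."""
    return length * math.log2(alphabet_size)


# Constructed sample values, not real credentials.
WRITTEN_PART = "q7#Lm2!vRz9$Xe4@"  # 1st part: kept in a file or notebook
MEMORIZED_PART = "tiger"           # 2nd part: what the article calls "salt"

SALT, STORED = register(WRITTEN_PART + MEMORIZED_PART)


def demo() -> dict:
    """Check the composite, the written part alone, and the bits the suffix adds."""
    return {
        "composite_accepted": verify(WRITTEN_PART + MEMORIZED_PART, SALT, STORED),
        "written_part_alone_accepted": verify(WRITTEN_PART, SALT, STORED),
        "bits_from_memorized_part": round(added_bits(26, len(MEMORIZED_PART)), 1),
    }


if __name__ == "__main__":
    print(demo())
```

If the written part is exposed, the account is protected only by the memorized part, so the bound returned by `added_bits` is the figure to look at when choosing its length and character set.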


I call it quasi or static two-factor authentication

  • Since part of the resulting composite password is entered from brain memory, I call this technique quasi or static two-factor authentication (quasi-2FA or static-2FA).

  • I call the technique quasi or static 2FA because it does not involve any dynamic PIN sent through SMS or email.

The strength of the composite password security is significantly high because there is no technology available in the world to hack or steal human brain memory.


Bringing it all together

  • I introduce a simple technique to safeguard the traditional text password system.

This password security solution is my original idea.

My very close friends know this technique and regularly use it for their online as well as offline accounts. Computer server administrators can adopt this technique to safeguard their administrator accounts of servers and other computer infrastructure.

Since the technique is pretty simple, I or my friends never thought to file a technology patent. We dedicate this technology solution to helping people improve their personal cybersecurity.

  • My proposed technique does NOT involve using SMS or email to get the second factor PIN. Instead, it adds a text "salt" (2nd part) available from the brain memory as a second factor to the complex password (1st part) for authentication.

  • The security strength, or entropy of the composite password (complex password + salt text), is significantly high because there is no technology available to hack or steal human brain memory.

  • The proposed security solution doesn't need any proprietary software or device or additional resources. It can operate using the existing authentication infrastructure of the online platforms.

  • Hence, the users can adopt it without paying any license fees from their pockets.

  • Moreover, the service providers need not make any alterations to their systems.

I share the password security solution as a gift to all the dot-cash communities of bloggers and noisers. Please freely add this security on every online and offline account.

Should you have any questions, please feel free to ask in the comment section, or join me at other places in cyberspace, i.e., Odysee, LinkedIn, Twitter, noise.cash, publish0x, and Facebook, and shoot your inquiries.


Postscript

  • May I ask my ReadCash friends to evaluate this simple yet powerful technique for safeguarding password security?

  • If you already use/know any similar technique, please ignore it.

  • If you like it, please share it with your network.

@Amjad_Ali_Waince @Ayane-chan @cmoneyspinner @Duvinca @Ellehcim @ErdoV @Eybyoung @HermaniGinger @Jane @Janz @Laurenceuuu @Ling01 @Lucifer01 @Oikawa @Olasquare @SolarPhasing @sj0820 @Talecharm @TheGuy

All names have appeared in alphabetical order.


About me

  • I am from Science, Technology, Engineering, and Mathematics (STEM) field. I have also added "Arts" and "Fine Art" to my interests and made my interests STEAM - Science, Technology, Engineering, Arts, and Mathematics.

  • I develop solutions for password and cybersecurity relevant to cryptocurrencies, blockchain, and other block-less distributed ledgers.

  • I wish to thank all my sponsors, whose names appear in the "Sponsor" panel.

I hope that the entire blogging community will strive here and elsewhere.

If you have time, please explore my "Learning Times" and other channels on Odysee-dot-Com and earn crypto coin LBRY Credit or LBC for consuming and creating content.

Cheers!

Unity (Debesh Choudhury)

Text Copyright © 2022 Debesh Choudhury — All Rights Reserved

Join me at Odysee, LinkedIn, Twitter, noise.cash, read.cash, publish0x, and Facebook

Lead Image: Animated GIF created with the title text and a Photo by Miguel Á. Padriñán on Pexels.

All other graphics and videos are credited just below it.

Disclaimer: All texts are mine and original. Any similarity and resemblance to any other content are purely accidental. The article is not advice for life, career, business, or investment. Do your research before adopting any options.

Unite and Empower Humanity.

April 10, 2022.


Comments

What is being proposed by Apple, Microsoft, Google, etc is NOT passwords stored on a device. It's actually a little more complicated and thus a lot more secure than that.

So on a lot of websites you can use things like "Sign in with Apple" or "Sign in with Facebook" etc. So essentially what is happening is that the accounts on these websites are created and authenticated according to the external system.

Effectively, if you signed in with Google then the website you're signing into will have all the same details as Google in that it will have the same username and password. This is a bad thing but because the authentication is being done by Google the website doesn't really know what is being entered.

"Sign in with Apple" is the best of these systems. I'm not saying that because I love Apple's products, I'm saying it because it is true. How SiwA works is this. An account is created on the website with a random email address and password. This is not stored in iCloud Keychain like all your other usernames and passwords but is instead stored in the Secure Enclave of iOS devices and late model Macs. There is NO physical way this can be accessed by anything or anyone because it is hardware stored.

If you then set up 2FA on the site, then SiwA adds the 2FA seed to the secure enclave. Even if someone got into your device and got into "Passwords" in the settings, they would still not see the passwords for that site because it's not in the keychain.

So what does this mean? It means that when you go to a site, anything using "Sign in with Apple" will be sent the random email address as the username, the random password, and the 2FA code all without a single entry from a user. This means that key loggers cannot get your username, password (including the salt as mentioned in this article), and 2FA codes.

This makes using "Sign in with Apple" far more secure than anything that has been written in this article because this still requires users to type in things which can be read by key loggers.

So yes, do follow this article because it's a great option, but just realise that because there is still the need to type something in then it's not as secure as you might think. This is why Apple is working with others to remove usernames and passwords. Apple's implementation should be used by all hardware and OS manufacturers though because it is by far the most secure system out there.

I won't say it's infallible but it's a billion times better than a username and password.

$ 0.00
2 months ago

"Sign in with some site's login credentials" discloses all the users' account information and their connections' identity data with the new site! "Sign in with some site's login credentials" not only makes the users' personal identity data shared with the new site but also share all their connections' personal identity data with the new site!

I never use "Sign in with some site's login credentials" to create/login to other sites.

I appreciate your valuable time in writing a detailed comment.

$ 0.00
2 months ago

NOT with “Sign in with Apple”. You’re correct with “Sign in with Google” and “Sign in with Facebook” or Twitter etc. Apple’s implementation however is vastly different:

https://support.apple.com/en-us/HT210318

$ 0.00
2 months ago

I shall check the company link you shared.

$ 0.00
2 months ago

For my part, I'm really not good at remembering my password. It came to the point that it's my friends holding it, haha, but now the safest way I did it is to write it in my notebook.

$ 0.00
5 months ago

You can save the complex and lengthy password (1st part) in a file or write it down in your notebook and create an easy-to-remember "salt" text (2nd part). Enter the complex password (1st part) from the saved file or notebook page, and call back the "salt" (2nd part) from your brain memory while authenticating the login using the composite password (1st part + 2nd part).

$ 0.00
5 months ago

I totally agree sir, storing passwords using a password manager compromises the security of the user. It is really vulnerable and prone to hackers. I have never encountered a technique like yours, that was brilliant. I learned something new today, thank you. And I appreciate the mention.

$ 0.00
5 months ago

I appreciate you reading and writing your feedback. I hope you will try the proposed technique for protecting your passwords :)

$ 0.00
5 months ago

It has been an honor, sir.

$ 0.00
5 months ago

Let me know if you could try using a composite password, i.e., "1st complex part from file or notebook" plus "2nd simple from brain memory."

$ 0.00
5 months ago

I agree with your article, friend, that you have to keep a password in your brain because hackers and thieves are trendy.

$ 0.00
5 months ago

Not the entire complex password, but by adding a "salt" or simple text streams, I call it quasi-2FA, that can easily be memorized.

$ 0.00
5 months ago

A secure password is very much necessary to secure the personal data of the phone. Now many tricks for removing passwords are prevailing.

$ 0.00
5 months ago

Removing passwords is like removing the lock and key of a house.

$ 0.00
5 months ago

But we still have to memorize or save the complicated password... so it'll still make me forget it for sure, haha

$ 0.00
5 months ago

A simple "salt" text can be memorized. I will write about another solution.

$ 0.00
5 months ago

For the password, I still save it on the flash drive. So, I don't think that storing in cloud storage is a safe way, because they are also companies that have vested interests.

However, I will apply your method. Thanks for the valuable knowledge.

$ 0.01
5 months ago

Cloud-based authentication security (password managers) is the most vulnerable choice.

$ 0.00
5 months ago

Sometimes it's confusing to have so many different passwords, so we need to be very well organized in order to keep safe all those codes, numbers or different keywords.

$ 0.01
5 months ago

Managing many passwords is a challenging task. That is why I have been trying to create a logical solution.

$ 0.00
5 months ago