How to Strengthen Password Security Using Brain Memory
Passwords are indispensable in this modern world.
Some companies are hyping the idea of killing passwords for good and recommending that customers go passwordless. What they are really toying with is "always logged in", relabelled as "passwordless."
In simple words, some companies are encouraging you to keep your authentication credentials saved on your devices. If a device is stolen and its screen lock is bypassed, every "passwordless" account on it is in the hands of the thief.
That is how the credentials of multiple online accounts saved on your mobile device, say for your cryptocurrency exchange or wallets, can be stolen or lost together with the device.
Today, I will share with you a simple yet robust technique to safeguard multiple accounts without paying a single penny for software such as a password manager, or for any paid cloud security service, both of which gather all your secrets behind one target for attackers.
Why are password managers prone to hacking?
A password is a text string that is set together with a username to authenticate the person logging in to a computer or server. The longer and less predictable the string, the stronger the password.
Password managers are software that generate and store many complex passwords for multiple accounts. All stored passwords are protected by a single password, called the master password.
There are both offline and online password managers. Online password managers provide a server-based service for managing multiple passwords under a master password. Offline password managers are software installed on the user's own computer for creating and managing passwords.
In either form, the security of a password manager rests entirely on the master password, which makes it a single point of failure.
If an attacker steals the master password (or a copy of the unlocked vault), every credential the user stored is in the attacker's hands, and the attacker can log in to all of the user's accounts.
Therefore, a password manager alone cannot provide all the security you need.
Know how traditional password security systems function
Before starting with the security solution, let us understand in simple words how a password security system works on a computer or a server. I share a screenshot from one of my tutorial presentations on everyday cybersecurity.
Graphics 01: Screenshot of my slide "What is a Password?".
Thus, in simple words, we learn about a computational operation called a "hash" function. The system applies it to the entered password and permits access only if the hash of the entered password matches the stored hash of the password the user chose when the account was created.
Otherwise, it rejects access. (A well-built system also mixes a random per-user value into the hash and uses a deliberately slow hash function, so that a stolen database of hashes cannot be turned back into passwords cheaply.)
How to safeguard passwords using your brain memory
The memory of our brains is the safest place to store a secret credential: it cannot be copied from a file or dumped from a database, and it is where we already keep all our private information.
It is widely known that password managers exist to help us not overtax the brain with very long and complex passwords. But the single master password is a single point of failure and an attractive target for hackers.
My solution to this problem is not complex. Just follow the step described below and improve the security of your passwords in a significant way.
Use brain memory to store a part of the password
The steps are really pretty simple. Anybody can do it. No expertise in computing is necessary. Even your granny or grandpa can do it.
I add a "salt" text (the second part) to a complex password (the first part) to strengthen password security. Note that "salt" here is my own label for the memorised second part; it is not the random salt that a server mixes into its stored hash. I like to call the result quasi two-factor authentication (quasi-2FA) or static two-factor authentication (static-2FA).
Graphics 02: Screenshot of my slide "Taking help of brain memory is the safest".
The resulting "hash" of the composite password (1st part + 2nd part "salt") differs from the "hash" of the long and complex first part alone, so whoever holds only the first part (for example, from a stolen password-manager vault) holds a password that the server will reject.
Thus, we can create simple "salt" text strings, memorise them, and recall them from memory while authenticating the account with the composite password.
I call it quasi or static two-factor authentication
Since part of the resulting composite password is supplied from the brain memory, I call this technique quasi or static two-factor authentication (quasi-2FA or static-2FA).
I call it quasi or static 2FA because it does not involve any dynamic PIN delivered by SMS or email. Strictly speaking, both parts are "something you know", so the formal count of factors is still one; the gain is that the two parts are kept in two different places, and stealing the vault yields only one of them.
The composite password is significantly stronger because no technology exists to read a secret out of a human brain. What can still capture the memorised part is the moment it is typed (a keylogger, a phishing page, or someone watching the screen), so the composite should only be entered on a trusted device and on the genuine site, and a memorised part that is reused on every site is exposed everywhere once one composite leaks.
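The following is an added example written for this page; it is not the author's software or any product's code. It puts the two ideas above into running code: the server-side hash check from the "What is a Password?" slide (here a salted, iterated PBKDF2-HMAC-SHA256 with a constant-time comparison, which is an assumed choice of algorithm, not something the page specifies), and the composite-password technique, where a password manager holds only the long first part and the user appends a memorised second part. It also works out the entropy the memorised part adds, and shows the reuse caveat: once one composite leaks, the memorised part is simply the leftover after the vault part. The sample secrets and the hash parameters are constructed for the demo.

```python
"""Added example: a password-manager entry plus a memorised second part.

Illustration code written for this page, not the author's software.
It simulates three parties:
  * a server that stores only a salted, stretched hash of each password;
  * a password manager that stores the long generated first part;
  * a user who appends a short memorised second part at login.
Hash parameters and the sample secrets are assumptions chosen for the demo.
"""
import hashlib
import hmac
import math
import secrets
from typing import Optional

# Server-side parameters (assumed for the demo; real deployments tune these).
ITERATIONS = 100_000
SALT_BYTES = 16


def register(password: str) -> dict:
    """Server: store a random per-user salt and PBKDF2-HMAC-SHA256 of the password."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record: dict, attempt: str) -> bool:
    """Server: recompute the hash of the attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def compose(stored_part: str, memorised_part: str) -> str:
    """User: the password actually sent is the manager's part plus the memorised part."""
    return stored_part + memorised_part


def memorised_part_bits(length: int, alphabet_size: int) -> float:
    """Entropy added by a memorised part of `length` symbols drawn uniformly
    from `alphabet_size` symbols (only holds if the part is not guessable)."""
    return length * math.log2(alphabet_size)


def recover_reused_part(leaked_composite: str, vault_part: str) -> Optional[str]:
    """Attacker: if one composite leaks (phishing, keylogger) and the vault part
    for that site is known, the memorised part is the leftover. A part reused
    on every site is then known for every site."""
    if leaked_composite.startswith(vault_part):
        return leaked_composite[len(vault_part):]
    return None


def demo() -> dict:
    # Constructed sample secrets for the demo (not real credentials).
    vault_part = "r7$Kq2!mZp9@vLx4Wn"  # what the password manager stores
    memorised = "sunday42"             # what only the user's memory holds
    record = register(compose(vault_part, memorised))

    return {
        # Thief with the vault alone: rejected.
        "vault_part_alone_accepted": verify(record, vault_part),
        # Legitimate user with vault part + memory: accepted.
        "composite_accepted": verify(record, compose(vault_part, memorised)),
        # Right vault part, wrong memorised part: rejected.
        "wrong_memorised_accepted": verify(record, compose(vault_part, "monday42")),
        # 8 symbols from a 36-symbol alphabet (lower-case letters and digits).
        "added_bits": memorised_part_bits(len(memorised), 36),
        # One leaked composite plus the vault part gives away the memorised part.
        "reused_part_recovered": recover_reused_part(
            compose(vault_part, memorised), vault_part),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things to take from running it: the vault part on its own is rejected exactly as the text says, and the entropy gain is bounded by how the memorised part is chosen (eight random lower-case letters and digits give about 41 bits; a dictionary word and a year give far less). The last entry is the reason to use a different memorised part for high-value accounts.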
Bringing it all together
I introduce a simple technique to safeguard the traditional text password system.
This password security solution is my original idea.
My very close friends know this technique and regularly use it for their online as well as offline accounts. Computer server administrators can adopt this technique to safeguard their administrator accounts of servers and other computer infrastructure.
Since the technique is pretty simple, I or my friends never thought to file a technology patent. We dedicate this technology solution to helping people improve their personal cybersecurity.
My proposed technique does NOT involve using SMS or email to obtain a second-factor PIN. Instead, it adds a text "salt" (2nd part) recalled from brain memory to the complex password (1st part) for authentication.
The security strength, or entropy, of the composite password (complex password + salt text) is significantly higher than that of the stored part alone, because the memorised part is held nowhere that software can read; it is exposed only when typed, so it is as safe as the device and the page it is typed into.
The proposed security solution doesn't need any proprietary software or device or additional resources. It can operate using the existing authentication infrastructure of the online platforms.
Hence, the users can adopt it without paying any license fees from their pockets.
Moreover, the service providers need not make any alterations to their systems.
I share the password security solution as a gift to all the dot-cash communities of bloggers and noisers. Please freely add this security on every online and offline account.
Should you have any questions, please feel free to ask in the comment section, or join me at other places in cyberspace, i.e., Odysee, LinkedIn, Twitter, noise.cash, publish0x, and Facebook, and shoot your inquiries.
Postscript
May I ask my ReadCash friends to evaluate this simple yet powerful technique for safeguarding password security?
If you already use/know any similar technique, please ignore it.
If you like it, please share it with your network.
@Amjad_Ali_Waince @Ayane-chan @cmoneyspinner @Duvinca @Ellehcim @ErdoV @Eybyoung @HermaniGinger @Jane @Janz @Laurenceuuu @Ling01@Lucifer01 @Oikawa @Olasquare @SolarPhasing @sj0820 @Talecharm @TheGuy
All names have appeared in alphabetical order.
About me
I am from the Science, Technology, Engineering, and Mathematics (STEM) field. I have also added "Arts" and "Fine Art" to my interests and made my interests STEAM: Science, Technology, Engineering, Arts, and Mathematics.
I develop solutions for password and cybersecurity relevant to cryptocurrencies, blockchain, and other block-less distributed ledgers.
I wish to thank all my sponsors, whose names appear in the "Sponsor" panel.
I hope that the entire blogging community will thrive here and elsewhere.
If you have time, please explore my "Learning Times" and other channels on Odysee-dot-Com and earn crypto coin LBRY Credit or LBC for consuming and creating content.
Cheers!
Unity (Debesh Choudhury)
Text Copyright © 2022 Debesh Choudhury — All Rights Reserved
Join me at
Odysee, LinkedIn, Twitter, noise.cash, read.cash, publish0x, and Facebook
Lead Image: Animated GIF created with the title text and a Photo by Miguel Á. Padriñán on Pexels.
All other graphics and videos are credited just below them.
Disclaimer: All texts are mine and original. Any similarity and resemblance to any other content are purely accidental. The article is not advice for life, career, business, or investment. Do your research before adopting any options.
Unite and Empower Humanity.
April 10, 2022.
What is being proposed by Apple, Microsoft, Google, etc is NOT passwords stored on a device. It's actually a little more complicated and thus a lot more secure than that.
So on a lot of websites you can use things like "Sign in with Apple" or "Sign in with Facebook" etc. So essentially what is happening is that the accounts on these websites are created and authenticated according to the external system.
Effectively, if you signed in with Google then the website you're signing into will have all the same details as Google in that it will have the same username and password. This is a bad thing but because the authentication is being done by Google the website doesn't really know what is being entered.
"Sign in with Apple" is the best of these systems. I'm not saying that because I love Apple's products, I'm saying it because it is true. How SiwA works is this. An account is created on the website with a random email address and password. This is not stored in iCloud Keychain like all your other usernames and passwords but is instead stored in the Secure Enclave of iOS devices and late model Macs. There is NO physical way this can be accessed by anything or anyone because it is hardware stored.
If you then set up 2FA on the site, then SiwA adds the 2FA seed to the secure enclave. Even if someone got into your device and got into "Passwords" in the settings, they would still not see the passwords for that site because it's not in the keychain.
So what does this mean? It means that when you go to a site, anything using "Sign in with Apple" will be sent the random email address as the username, the random password, and the 2FA code all without a single entry from a user. This means that key loggers cannot get your username, password (including the salt as mentioned in this article), and 2FA codes.
This makes using "Sign in with Apple" far more secure than anything that has been written in this article because this still requires users to type in things which can be read by key loggers.
So yes, do follow this article because it's a great option, but just realise that because there is still the need to type something in then it's not as secure as you might think. This is why Apple is working with others to remove usernames and passwords. Apple's implementation should be used by all hardware and OS manufacturers though because it is by far the most secure system out there.
I won't say it's infallible but it's a billion times better than a username and password.