Web Analytics
  • Secure Channels

Time to Paradigm Shift Passwords by Richard Blech

Paradigm, a theory or a group of ideas on how something should be done, made, or thought about. This is exactly applicable to the current state of vulnerability that all of us face, with the current methodology of alpha-numerical passwords. A recent article from RawStory breaks the reasons why we are so exposed with our easy passwords to hackers: http://www.rawstory.com/2014/12/the-big-password-mistake-hackers-are-hoping-youll-make/

One of the most prominent security vulnerabilities facing computer users today is user maintained passwords or keys. The reason I say ‘user maintained’ is the present paradigm requires the user to ‘remember’ their key for future use and, unfortunately, the average human brain just doesn’t remember complex patterns all that well.

In order to address this problem there must be a way to allow for the generation and use of complex keys and yet be simple enough for the average person to remember. What a person can more easily remember are things associated with themselves, such as:

  1. pictures they took or were given

  2. documents they wrote or read

  3. audio recordings they may have made or listened to

  4. movies they may have watched

  5. etc…

Given the above list of ‘things’ or resources a person can associate with and thus remember the details, and then we can use this fact to build a paradigm that can utilize that memory mnemonic to create cryptographically complex keys.

Imagine if the user was presented the ability to use personal imagery indicating ‘hot spots’ on and that the system could use that imagery as their key? That technology already exists in gesture based key systems but, unfortunately, those concepts, although easy to use, are just weak by today’s standards.

Now imagine, taking that idea to the next level and not focusing on the simple gestures but taking the raw data of the resource underneath that gesture. The same paradigm of ‘hot spot’ indications can be used. In doing so the key becomes highly complex in that it is now not just a small sequence of indicators but a far larger set of binary data in the 10s to 100s of kilobytes. Bear in mind the sequence used to select the ‘hotspots’ or segments is also important as the key is developed from the raw resource data in the same selection sequence.

Such a complex key can now be used to highly encrypt data and yet still be easily memorized by the user since they are using memory mnemonics that are relevant to themselves.

Take this one step further and allow the user to utilize multiple images from multiple sources. You have just increased the complexity of the possible keys exponentially.

Take this another step further and allow the user to utilize ANY type of resource as mentioned earlier: images, documents, audio clips, video clips, etc. Literally any digital resource that can be presented to the user in a usable way can be used to generate said complex, yet memorable keys.

Such a system of key generation and authentication is:

  1. very simple to use

  2. is based on the user

  3. is oriented on resources

  4. is a segment driven architecture

Such a system is…SUBROSA© a Simple, User Based, Resource Oriented,Segmentation Architecture. SUBROSA© is our new patent pending product that solves this dilemma and serious vulnerability. While the user will only need to remember a few segments of memorable impressions, the potential hacker will only see the long cryptographic key (Four memorable segments from the user translates to pages of complex keys like below to a potential hacker)


The age of the alpha-numerical password has ended…

See Richard Blechs other articles on SecureChannels.com

View the original article by Richard Blech here.

#Irvine #SUBROSA #Patent #CyberSecurity #RichardBlech #authentication #passwords #Encryption #patentedencryption #SecureChannels

Secure Channels BRINGS to market data encryption, cryptographic protocols, and access control/ privileged access/ user authentication technologies in the form of licensable tools, end user platforms and purpose-built solutions, SERVING software & application developers, hardware OEM and device manufacturers, and enterprise organizations, WHO place a premium on cybersecurity, risk reduction, and operational performance benefits or competitive differentiation provided, ALLOWING them to replace, augment, or introduce to new cryptography into their products or environments, PROVIDING material and measurable cybersecurity protections, risk reduction and data breach mitigation.

Secure Channels Inc. 

2102 Business Center Drive, Suite 130  |  Irvine, CA 92612  |  T: (949) 208-7525  |  E: contact@securechannels.com

Follow us!

  • Facebook
  • LinkedIn
  • Twitter

Copyright © 2020 Secure Channels Inc. All rights reserved