What can we expect from expanded password system

Expanded Password System: What can we expect from a password system that accepts images in addition to characters, particularly the images of episodic memory?

The answer is the ability to volitionally manage many more passwords by our own remembrance.

Assuming that you somehow remember 5 high-entropy character passwords, you will now be able to keep using those 5 strong passwords and, on top of that, you will also be able to manage many more firmly remembered passwords in the form of episodic-memory pictorial passwords.

We can remember and recall only 5 text passwords on average, not due to our silliness or laziness, but due to the cognitive phenomenon called "Interference of Memory". Memories of numbers and characters, which contain very limited information, are subject to severe interference of memory, which causes terrible confusion in what we remember, whereas the memories of images and pictures, particularly those of episodic/autobiographic memories that contain a great deal of information with emotional feeling, are not. This indicates that it would not be difficult for us to manage passwords well beyond 5 or 10 by our remembrance.

The expanded password system that accepts images in addition to characters can be viewed as an enhanced successor to characters-only password systems on its own, provided we make sure that confidentiality is not lost to attacks such as shoulder surfing and social engineering. Such an EPS can be easily practiced by the IT-illiterate elderly at one end, the soldiers caught in panic on the battleground at the other, and a number of businesspeople who need to cope with dozens of accounts each requiring unique passwords in the middle.

Furthermore, the expanded password system (EPS) will enable us to see truly powerful multi-factor authentication with a strong unique password being used as one of the factors for all different accounts, whether indoor or outdoor. The EPS would also enable us to see decentralized ID federations with a strong unique password being used as the master password for each of the single-sign-on services and password management tools. With the EPS used for fallback passwords, biometric solutions could offer good convenience without sacrificing much confidentiality. The outcome will be the most highly assured identity achieved through the most reliable “shared secrets”.

That the users can retain the textual passwords as before while they expand their password memory to include the non-textual passwords, without being impeded by the cognitive effect of “interference of memory”, means that it is extremely difficult to imagine users who would suffer disadvantage or inconvenience by taking up the EPS.

Humans are generally thousands of times better at dealing with image memories than character memories. The former has a history of hundreds of millions of years, while the latter’s history is less than a fraction of it. However mathematically strong a high-entropy character password may appear, it is a pie in the sky if it is impracticable. Now that CPUs are fast enough, bandwidths broad enough, storage cheap enough and superb cameras built into most mobile devices, I wonder what merits we have for reliable identity assurance in continuing to confine ourselves to the narrow corridor of character memories.

Upload: hitoshi-kokumai

Post on 08-Aug-2015

