Using a strong password does help a lot, even against attacks that crack leaked or stolen password hashes back to the original passwords. The problem is that few of us can firmly remember many such strong passwords. We cannot run as fast and as far as horses, however strongly we may be urged. We are not built like horses.
It is all too obvious that the conventional alphanumeric password alone can no longer meet the needs of the age, and that we urgently require a successor to it, which should be found from among the broader family of passwords and the like.
What can we expect from expanded password system
1. Expanded Password System: What can we expect from a password system that accepts images in addition
to characters, particularly the images of episodic memory?
The answer is the ability to volitionally manage many more passwords by our own remembrance.
Assuming that you somehow remember 5 high-entropy character passwords, you will now be able to keep
using those 5 strong passwords and, on top of it, you will also be able to manage many more firmly
remembered passwords in the form of the episodic-memory pictorial passwords.
We can remember and recall only 5 text passwords on average, not due to our silliness or laziness, but due to
the cognitive phenomenon called "Interference of Memory". Memories of numbers and characters, which
contain very limited information, are subject to severe interference of memory, which causes terrible
confusion in what we remember, whereas the memories of images and pictures, particularly those of
episodic/autobiographic memories that contain a great deal of information with emotional feeling, are not.
This indicates that it would not be difficult for us to manage passwords well beyond 5 or 10 by our
remembrance.
The expanded password system that accepts images in addition to characters can be viewed as an enhanced
successor to characters-only password systems on its own when we make sure that confidentiality is not lost
in view of attacks like shoulder surfing and social engineering. Such an EPS can be easily practiced by the
IT-illiterate elderly at one end, the soldiers caught in panic on the battleground at the other and a number of
businesspeople who need to cope with dozens of accounts each requiring unique passwords in the middle.
Furthermore, the expanded password system (EPS) will enable us to see truly powerful multi-factor
authentications with a strong unique password being used as one of the factors for all different accounts,
whether indoor or outdoor. The EPS would also enable us to see the decentralized ID federations with a
strong unique password being used as the master-password for each of single-sign-on services and password
management tools. With the EPS used for fallback-passwords, biometric solutions could offer good
convenience without sacrificing much confidentiality. The outcome will be the most highly assured
identity achieved through the most reliable “shared secrets”.
That the users can retain the textual passwords as before while they expand their password memory to
include the non-textual passwords without being impeded by the cognitive effect of “interference of memory”
means that it is extremely difficult to imagine users who would suffer disadvantage or inconvenience by
taking up the EPS.
Humans are generally thousands of times better at dealing with image memories than character memories.
The former has the history of hundreds of millions of years while the latter’s history is less than a fraction of
it. However mathematically strong a high-entropy character password may appear, it is a pie in the sky if it
is impracticable. Now that CPUs are fast enough, bandwidth broad enough, memory storage cheap
enough and superb cameras built into most mobile devices, I wonder what merit there is for reliable
identity assurance in continuing to confine ourselves to the narrow corridor of character memories.