Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Method to provide redundancy in the password

IP.com Disclosure Number: IPCOM000019927D
Original Publication Date: 2003-Oct-10
Included in the Prior Art Database: 2003-Oct-10
Document File: 1 page(s) / 37K

Publishing Venue

IBM

Abstract

When logging in to an account there is always a possibility of keystrokes being recorded which can cause others to get access to the login id and password.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 94% of the total text.

Page 1 of 1

Method to provide redundancy in the password

Shown is a way to have redundancy [through variable positioning of the redundant character] within the password. The example below explains how this works.

Let's assume the login ID to be foo for which the password is hello. Now the feature of providing redundancy in the password is enabled and also set a method of providing hint about this in its own subtle way. Let's assume the hint for redundancy has been set as the number of " ' " to be used in the login prompt. after username.

login: foo foo ' s Password:

In this there is " ' " which default so the password will be "hello" to get access. But if the prompt was as given below

login: foo foo ''' s Password:

This means every third character is redundant. So the following password is given "hel o lo" to get access.

login: foo foo '' s Password:

This means every second character is redundant. Any of the following passwords "h o e o l o l o o" or "h 4 e d l 9 l 5 o" will allow access.

Since this method is user configurable the user has the option of coming up with their own method of redundancy and hint for this mechanism to work. For example most of existing operating systems .logout file contains the location of the hint and the method to generate redundancy [random/user specified at logout]. The hint can be placed in the "herald" which the initial message printed out for a login prompt. A simpler but less secure way is to specify the position of the redundancy charact...