Browse Prior Art Database

(RSS) Increase traditional password security with temporal data

IP.com Disclosure Number: IPCOM000030638D
Original Publication Date: 2004-Aug-20
Included in the Prior Art Database: 2004-Aug-20
Document File: 1 page(s) / 22K

Publishing Venue

IBM

Abstract

Increasing traditional password security with temporal data

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 89% of the total text.

Page 1 of 1

(RSS) Increase traditional password security with temporal data

     This publication proposes capturing metrics of traditional password entry (e.g. the period between key presses, etc) to use as additional authentication criteria. When the user first creates a password, the temporal element will be ignored but tracked. Generally, as a user becomes accustomed to a password, they develop a distinct pattern to its entry. The authentication software will detect this developing pattern and, at a certain level of pattern recognition, begin to use the temporal data to enforce the authentication. This authentication enforcement threshold can also be agreed upon by the user and the software. In cases in which the user can no longer enter the password (e.g. hand injury) at the required consistency, the system administration can disable the requirement without compromising the password.

     Advantages of this technology: - No new hardware will be required for this feature since USB and PS/2 keyboard are "pollable" at about 4 ms interval which is sufficient to detect inconsistencies in the human typing rate. - No new training required to use this technology (i.e. people naturally obtain password entry patterns). - Brute force password attacks become more difficult by orders of magnitude - Users aware of the technology can leverage it to generate difficult to crack passwords (e.g. by waiting a 4 sec before pressing the last letter -- a brute force attack would be virtually impossible...