
Program and Method to Generate Passwords Based on a Memorable Key that Conforms to Policies

IP.com Disclosure Number: IPCOM000031270D
Original Publication Date: 2004-Sep-20
Included in the Prior Art Database: 2004-Sep-20
Document File: 1 page(s) / 38K

Publishing Venue

IBM

Abstract

This article describes a program and method to generate passwords that conform to policies. Users are required to enter a simple, memorable piece of information coupled with either a time-of-day seed or another memorable time component.

This is the abbreviated version, containing approximately 70% of the total text.

Disclosed is a program that takes textual input (such as a passphrase) and produces a password that conforms with configurable password policy rules. The user only needs to remember the passphrase; the application generates the password based on a hash algorithm that conforms to those rules.

Computer users are increasingly required to remember more and longer passwords, and those passwords are required to conform to varying password policies. As a result, users usually resort to writing their passwords down somewhere, which undermines the security that passwords were intended to provide. Solutions like the various "Single Sign-on" products throughout history have tried to solve the problem by storing dictionaries of credentials, associating them with resources.

The application would take a few forms of input: a passphrase and optionally a time or date element serving as a random number generator seed. The time element would keep malicious users from co-opting the hash algorithm for use in a dictionary attack against secured resources. The time/date element could be a birthday or a simple time-of-day. The passphrase (and optionally the time/date element) would be the pieces of information the user would have to remember.

The application would be capable of understanding default password policy rules (i.e. password must be between 6 and 8 characters, no more than 3 consecutive same...
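
The scheme described above, as an added example that is not code from the disclosure: the passphrase and time element feed PBKDF2-HMAC-SHA256 (an assumed choice; the page says only "a hash algorithm"), and characters are drawn from the resulting stream until the candidate meets the policy. The policy values, the `pwgen:` salt label and all function names are assumptions.

```python
import hashlib
import hmac
import string

# Assumed policy: the page gives "6 to 8 characters" and a truncated repeat
# rule; max_run and the required character classes are illustrative choices.
POLICY = {"min_len": 6, "max_len": 8, "max_run": 3,
          "classes": (string.ascii_lowercase, string.ascii_uppercase, string.digits)}

def _byte_stream(passphrase, time_element):
    # Slow KDF raises the cost of guessing passphrases; the time element is the seed.
    salt = b"pwgen:" + time_element.encode()  # constant label is an assumption
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    counter = 0
    while True:  # HMAC in counter mode: an unbounded, deterministic byte stream
        yield from hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1

def _pick(stream, n):
    # Rejection sampling: skip bytes that would bias the result modulo n.
    limit = 256 - (256 % n)
    for b in stream:
        if b < limit:
            return b % n

def conforms(pw, policy=POLICY):
    """Check length, longest run of one character, and required classes."""
    if not policy["min_len"] <= len(pw) <= policy["max_len"]:
        return False
    run = 1
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if cur == prev else 1
        if run > policy["max_run"]:
            return False
    return all(any(c in cls for c in pw) for cls in policy["classes"])

def generate(passphrase, time_element="", policy=POLICY):
    """Same inputs always give the same policy-conforming password."""
    stream = _byte_stream(passphrase, time_element)
    alphabet = "".join(policy["classes"])
    span = policy["max_len"] - policy["min_len"] + 1
    while True:  # keep drawing from the same stream until a candidate passes
        length = policy["min_len"] + _pick(stream, span)
        candidate = "".join(alphabet[_pick(stream, len(alphabet))] for _ in range(length))
        if conforms(candidate, policy):
            return candidate
```

A birthday or time-of-day contributes only a small number of possible seed values, so in this sketch the passphrase strength and the KDF iteration count carry most of the guessing cost.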