Method for improved security of web-browser application password protection

IP.com Disclosure Number: IPCOM000124451D
Original Publication Date: 2005-Apr-21
Included in the Prior Art Database: 2005-Apr-21
Document File: 3 page(s) / 103K

Publishing Venue

IBM

Abstract

Many websites ask the user to enter character fragments of their password in order to gain access to private information. It is commonplace for the website to make the user select each character from a drop-down menu and to disable the ability to enter a character through the keyboard. This is because a lightweight background process can easily detect key presses and thus learn a user's password. The drop-down does not fully resolve the problem: the user can still use the keyboard to scroll up and down through the character selection, or use the mouse, and given a known starting position the character can be ascertained. This article details a method by which the starting position is altered while still keeping the entry system easy to use.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Method for improved security of web-browser application password protection

Online services such as internet banking often have a number of security procedures in place that a user must pass before they can gain access to their private information. One such security feature involves the use of a memorable word, where the user is asked to enter some of the letters of that word before they can proceed. For example, they may be asked to enter letters 1, 3 and 6 of a six-letter word. In order to reduce security risks, the user is asked to select the individual characters from a drop-down list rather than type them on the keyboard. This is because it is easy for spyware or related technology to intercept keyboard input and discover the password. The problem is only partially solved, as keyboard cursor scrolls and mouse movement would allow the password characters to be determined with knowledge of the character selection starting point and the selection habits of the user. An example of the kind of screen that the user may be presented with is shown below.

figure 1

The letters and characters in each drop-down menu are presented in alphabetical order, so that it is easy to navigate quickly to the appropriate character (as demonstrated in figure 1). However, the starting position for the characters in the drop-down menu could be altered according to a random cypher that would mean that intercepting mouse movements, clicks and cursor presses would no lon...
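
The effect of altering the starting position, as an added example that is not code from the disclosure. It assumes the random offset is applied as a cyclic rotation of an A-Z, 0-9 list (so the list still reads in order), and the function names `randomOffset`, `rotatedOptions`, `selectedAfter` and `candidatesFor` are hypothetical.

```javascript
// Constructed character set for one drop-down (assumption: A-Z then 0-9).
const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.split('');

// Default byte source: the browser's CSPRNG (Web Crypto API).
const cryptoByte = () => globalThis.crypto.getRandomValues(new Uint8Array(1))[0];

// Unbiased offset in [0, n) for n <= 256. Bytes at or above the largest
// multiple of n are rejected so that no offset is more likely than another.
function randomOffset(n, randomByte = cryptoByte) {
  const limit = 256 - (256 % n);
  let b;
  do {
    b = randomByte();
  } while (b >= limit);
  return b % n;
}

// Rotate the list: it still reads in alphabetical order, wrapping around,
// but the first (pre-selected) entry depends on the offset.
function rotatedOptions(offset, alphabet = ALPHABET) {
  return alphabet.slice(offset).concat(alphabet.slice(0, offset));
}

// Character selected after `downPresses` cursor-down keys from the top of
// the list (a drop-down stops at its last entry rather than wrapping).
function selectedAfter(downPresses, options) {
  return options[Math.min(downPresses, options.length - 1)];
}

// Characters consistent with an observed press count when the offset is
// unknown. With a fixed start this set has one member; with a uniformly
// random rotation it is the whole alphabet, so the count carries no
// information about the chosen character.
function candidatesFor(downPresses, alphabet = ALPHABET) {
  const seen = new Set();
  for (let off = 0; off < alphabet.length; off++) {
    seen.add(selectedAfter(downPresses, rotatedOptions(off, alphabet)));
  }
  return seen;
}
```

A fresh offset would be drawn for each drop-down on each page load; reusing one offset lets repeated observations be correlated back to a single starting point.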