Method for Conditional Revoke of User Passwords

IP.com Disclosure Number: IPCOM000181043D
Original Publication Date: 2009-Mar-24
Included in the Prior Art Database: 2009-Mar-24
Document File: 3 page(s) / 69K

Publishing Venue

IBM

Abstract

Many current password protected systems revoke a userid when multiple attempts are detected to log in with an invalid password. This behaviour leads to unnecessary lockout in some situations. This article proposes an improved behaviour for those situations.

This is the abbreviated version, containing approximately 51% of the total text.

Problem

In password-protected access mechanisms there is an inherent risk that unauthenticated users may gain unauthorized access by guessing and/or systematically trying variations of someone else's userid/password combination. To minimize the risk that guessing a password may succeed, prior art systems count the number of repeated invalid password attempts; once a particular threshold of invalid attempts is reached, the userid and password are locked, so that even attempts with the valid password fail until a well-defined mechanism for unlocking the userid/password combination has been carried out.

To handle the problem that even authenticated users may accidentally lock themselves out through the accumulation of occasional invalid password entries (e.g. mistyping the password once a week), prior art systems reset the counter for the number of repeated invalid attempts to zero as soon as the correct password has been entered once.

This password locking mechanism occasionally interferes with the policy that forces users to change their password after some defined time interval (e.g. 30 days, 60 days, 90 days), for two reasons:

1. the authorized user accidentally types the old password for authentication because he/she is still used to typing the old password rather than the new password;

2. an automated mechanism that does an authentication in batch mode may still use the previous password and retry this several times on failure.
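The following added example (not part of the original disclosure) models only the prior-art behaviour described above: a failure counter, a lock at a threshold, and a reset on success. It then replays the second scenario, a batch job retrying the previous password after a forced change. The class and function names, the threshold of 3 and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


class LockoutAuthenticator:
    """Prior-art policy: count consecutive failures, lock at a threshold,
    reset the counter on any successful login. (Hypothetical class.)"""

    def __init__(self, threshold=3):  # threshold value is an assumption
        self.threshold = threshold
        self.accounts = {}  # userid -> salt, hash, failure count, lock flag

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, userid, password):
        salt = os.urandom(16)
        self.accounts[userid] = {"salt": salt, "hash": self._hash(password, salt),
                                 "failures": 0, "locked": False}

    def login(self, userid, password):
        acct = self.accounts[userid]
        if acct["locked"]:
            return "locked"       # even the valid password is refused now
        if hmac.compare_digest(self._hash(password, acct["salt"]), acct["hash"]):
            acct["failures"] = 0  # one correct entry resets the counter
            return "ok"
        acct["failures"] += 1
        if acct["failures"] >= self.threshold:
            acct["locked"] = True
        return "denied"


def simulate_password_change():
    """Replay the batch-mode scenario; passwords are constructed samples."""
    auth = LockoutAuthenticator(threshold=3)
    auth.set_password("alice", "Spring2009!")
    results = [auth.login("alice", "Spring2009!")]   # normal login
    auth.set_password("alice", "Summer2009!")        # forced periodic change
    # Batch job still configured with the previous password retries on failure.
    results += [auth.login("alice", "Spring2009!") for _ in range(3)]
    # The legitimate user now presents the correct new password.
    results.append(auth.login("alice", "Summer2009!"))
    return results


if __name__ == "__main__":
    print(simulate_password_change())
```

The final entry in the returned list shows the authorized user being refused with the correct new password, because the three stale retries exhausted the counter before any successful login could reset it.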

Thus, it is a known complication that after a password change, the us...