Browse Prior Art Database

Method and System for transparently updating an Expired Password

IP.com Disclosure Number: IPCOM000197212D
Publication Date: 2010-Jun-28
Document File: 4 page(s) / 63K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method and system for transparently updating an expired password is disclosed. When a user's password has expired, the user is notified about the expiration of the password. Thereafter, the user is allowed to enter an existing password stored in the buffers that is eligible for reuse or commence with the old reset-my-password process.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 56% of the total text.

Page 1 of 4

Method and System for transparently updating an Expired Password

Disclosed is a method and system for transparently updating an expired password. The method involves allowing a user to enter an existing password that is stored in the buffer that is eligible for reuse when a password of the user expires. Thus, in this case, authentication providers may store the user's previously used passwords for example, last used 4 passwords, in a backend store database.

In an embodiment, the user's previously used passwords may be hashed and stored in the backend store database and a Last-in First-out (LIFO) queue or an arbitrarily ordered list of passwords method may be performed. For example, a password of the user may be stored in the following format in the backend store database:

first name Dustin
last name Kirkland
building 902
...
password a123
pwdexpiry 2007-04-17 no-reuse-queue b123, c123, d123, e123 usable-list f123, g123, ..., z123

In this case, if the user tries to log into user's account using current password, the user is notified that password 'a123' has expired since the current

_

                                            timestamp for the password is 2007-04-17. The user may be given a conventional option to reset user's password, or the user can enter one of user's existing passwords available for reuse. In an instance, the system may not allow the user to reuse last 4 passwords of the user. In such a scenario, the user enters a new password, and the method checks the new password in a no-reuse-queue stored in the backend store database. If the password matches that list (eg. c123), the user is notified that the user cannot reuse that password yet. However, if the new password entered by the user is in the usable-list (eg. g123), the method may push "a123" onto an end of the no-reuse-queue and then update password "g123" as the new password. Thereafter, the password expiry period for this new password is set as += 90 days. Then, password b123 is popped off the front of the no-reuse-queue and inserted into the usable-list. Thus, the b123 can be used again.

The usable list of passwords may be built over time as the user has to reset user's password a number of times. Further, an interface in a user

_

                                       options page may provide the user the capability of populating the...