
Enhanced Security by Empowering Password Dictionary through social network and public collaborative information

IP.com Disclosure Number: IPCOM000225687D
Publication Date: 2013-Feb-26
Document File: 5 page(s) / 58K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to enhance the existing password checking framework by enhancing the password dictionary based on an individual's social internet / web profile.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 33% of the total text.


With the drastic migration of sensitive data from traditional personal storage devices to community / public cloud environments, it has become necessary to rethink the existing security provisions provided by the cloud. Apart from all other security mechanisms / practices, password-based authorization is one of the most widely practiced and easiest to implement in the IT world.

The traditional password configurations enforce multiple policies within a domain, such as:

1. Provided password has to meet minimum password length.

2. Provided password has to meet maximum password age.

3. Provided password has to meet minimum password age.

4. Provided password has to contain a minimum of 8 characters (a few applications demand more than 8 characters) including capitals, numerals and special symbols, and should be a non-dictionary based one.

5. Provided password should not match with the password history.

In order to satisfy the above criteria, users tend to set a password that is easy to keep track of, and in the process they generally end up including keywords (e.g. name of spouse / hobby / date of birth / kids' names etc.) in the password which can be easily found / tracked via their internet / web profile.

Annoyingly, the chosen password will of course pass the above criteria, yet it would resemble the user's publicly available information or could be predicted from the user's internet presence. The lack of validation of this kind of (internet profile) information against the password dictionary creates a security hole.

Use cases:

Here are a few use cases demonstrating that the lack of password / username validation against the user's web presence information increases the chances of predicting the user's username as well as password.


- Consider a scenario where person-X is fascinated by two-wheelers (bikes). Out of this interest, he / she always talks about them and searches for the latest news related to them. Consider that person-X has posted his / her resume on a job search website that can be publicly viewed by searching for his / her name through a search engine. From the interests / hobbies section present in the resume, others, say person-Y (who has no relation to person-X), can estimate that person-X is highly fascinated by bikes. With this assumption, person-Y can perform a basic search over the comments person-X has posted on public video-watching domains and social network sites in order to identify person-X's favorite bike. The result obtained can be one of person-X's potential passwords.


- Consider a scenario where person-X is fascinated by games. Out of this interest, they always tend to exhibit their gaming names (such as dark shadow, silent killer, master mind etc.) in internet community environments. This gaming name can be one of person-X's potential usernames / passwords.

Hence from the above s...
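The gap described above can be shown with a password-set-time check that compares a candidate against terms drawn from the user's public profile. This is an added example, not the disclosure's own method (the abbreviated text does not include it); the profile fields, sample values and function names are constructed assumptions.

```python
import re
from datetime import date

# Substitutions users commonly apply to satisfy complexity rules.
LEET = str.maketrans("013457@$!", "oieastasi")

def passes_complexity(pw):
    """Traditional policy from the list above: 8+ chars, capital, numeral, symbol."""
    return (len(pw) >= 8 and bool(re.search(r"[A-Z]", pw))
            and bool(re.search(r"\d", pw)) and bool(re.search(r"[^A-Za-z0-9]", pw)))

def profile_terms(profile, min_len=4):
    """Build the per-user dictionary from public profile fields (strings or dates)."""
    terms = set()
    for value in profile.values():
        for item in (value if isinstance(value, (list, tuple)) else [value]):
            if isinstance(item, date):
                # Date of birth in the digit layouts people commonly embed.
                fmts = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%Y")
                terms.update(item.strftime(f) for f in fmts)
                continue
            words = re.findall(r"[a-z0-9]+", str(item).lower())
            terms.update(w for w in words if len(w) >= min_len)
            if len("".join(words)) >= min_len:
                terms.add("".join(words))      # "dark shadow" -> "darkshadow"
    return terms

def profile_matches(pw, terms):
    """Return the profile terms found in the password, sorted; empty means clean."""
    lowered = pw.lower()
    plain = re.sub(r"[^a-z0-9]", "", lowered)                 # separators removed
    deleet = re.sub(r"[^a-z]", "", lowered.translate(LEET))   # substitutions undone
    return sorted(t for t in terms if t in plain or t in deleet)

# Constructed sample profile; a real deployment would fill this from data the
# user has published or supplied at enrollment.
SAMPLE_PROFILE = {
    "spouse": "Priya",
    "hobbies": ["motorbikes", "Ducati Monster"],
    "gamer_tag": "dark shadow",
    "date_of_birth": date(1985, 7, 14),
}

if __name__ == "__main__":
    terms = profile_terms(SAMPLE_PROFILE)
    for candidate in ("D@rkSh4dow!9", "Summer#140785", "tR7#qVx2!mZp"):
        hits = profile_matches(candidate, terms)
        print(candidate, "complexity ok:", passes_complexity(candidate),
              "| rejected for:" if hits else "| accepted", hits or "")
```

The first two candidates satisfy the traditional complexity policy and are still rejected, which is the case the policy list alone does not catch.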