Browse Prior Art Database

A method to protect strong password leaks on insecure websites

IP.com Disclosure Number: IPCOM000244454D
Publication Date: 2015-Dec-13
Document File: 4 page(s) / 84K

Publishing Venue

The IP.com Prior Art Database

Abstract

This idea is to use the URL of website to hash/scramble login credential in preventing sensitive information leaking on weak site when user login an insecure site with strong password. User could benifit from 1) single password is transformed in different sites 2) strong password is not revealed with this put client solution.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 100% of the total text.

Page 01 of 4

A method to protect strong password leaks on insecure websites

We are usually asked for strong password as credential in secured website. However, the strong password might be tried and leak on a if you forget the password for the weak-secured website. Therefore,
1) User could mistakenly enter a strong password of a secure site when attempting to login an insecure site. 2) Password leaking on one weak site may allow access to sensitive information on another secure site.

Core ideais to use the URL of website to hash/scramble login credential in preventing sensitive information leaking on weak site. Advantages:
1) Single password can be transformed to various user credentials in different websites.

2) The strong password of a secure site is not revealed to insecure site.

3) Pure client solution without affecting server implementation.

1


Page 02 of 4

2


Page 03 of 4

#1User terminal for password-based authentication, and password-based trading terminal, system, and method :It used NFC

3


Page 04 of 4

(near field communication) technology in preventing password leaking. But our idea is to do the same thing by hashing password first and then separate password from ID.
#2 System and method for end to end encryption: Extra actions are needed in server side to provide client a unique value first in this solution. On the contrary, our idea is simply client side solution in preventing password leaking.

4