Browse Prior Art Database

System and Method for Password Security Using Dynamically Created Password Portions

IP.com Disclosure Number: IPCOM000246650D
Publication Date: 2016-Jun-24
Document File: 2 page(s) / 22K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method for augmenting static passwords with one or more portions that are dynamically calculated based on an algorithm specified when the password is created.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 01 of 2

System and Method for Password Security Using Dynamically Created Password Portions

Current password policies have to strike a balance between two conflicting agendas: those of system administrators, and those of users. System security is improved through requirements such as minimum password length, special character requirements, and frequent expiration of passwords. However, each of these requirements tends to also make it more difficult for users to remember passwords. Effective methods are needed to balance the need for frequently changing passwords with the need for passwords that users can easily remember.

Some current solutions to dynamically generate a password, however generated, then require the user to remember the generated password, making it difficult for the user. There are also password-storing solutions that allow the user of a more complex set of questions to allow the user to retrieve the generated password, removing the user's need to remember the generated password, but likely reducing security, as these actual passwords have to be stored.

The novel contribution is a method for augmenting static passwords with one or more portions that are dynamically calculated based on an algorithm specified when the password is created. This approach provides a balance between the administrators' need for frequently expiring passwords and the users' need for some level of consistency to more easily remember passwords.

For example, a user's password might be defined as the static string "passw0rd", plus a number representing the number of days since a given date (e.g., the date the password was changed, a memorable birthday, etc.). Under such a system, the correct password automatically changes every day, increasing security, while remaining easy for a user to remember compared to a traditional static password.

This is clearly a trivial example, leading to a predictably changing password; however, more interesting and secure algorithms are easily imaginable. The dynamic portion might instead be "today's forecast high temperature for Honolulu" or "the second, fourth, and sixth letter of the day of the week".

This augmentation does not remove the need for expiration of the password (both the static portion and the algorithm which generates the dynamic portion), though it may allow the interval to be increased.

In addition to the increased security afforded by having a frequently changing password, because a portion of the password is dynamic, the form in which the password is stored on the server necessarily differs from existing common representations. Rather than potentially being stored in a database or flat file as plaintext, or a salted or unsalted hash as a static password might be, a dynamically augmented password requires additional and more complex methods of storage be...