
System and method for measuring the strength of a users password based on users public information

IP.com Disclosure Number: IPCOM000210924D
Publication Date: 2011-Sep-16
Document File: 4 page(s) / 83K

Publishing Venue

The IP.com Prior Art Database

Abstract

A common problem with composing a new password for an account is that the system does not measure the complexity of the password against the user's personal data. Currently the complexity of a user's proposed password is defined by a static set of rules. These rules are based on password history, length, common words, etc. Social networking sites, for example, contain public information about their users which might contain hints to the user's password. Current systems do not evaluate password strength based on what information a user's account may contain. For instance, a user is entering a new password for an account on a social network. The user's information is accessible to others based on the account holder's privacy settings. The problem with the current systems is that the user's password is based on something that the user already knows, for example a phone number or an interest that the user might have. The user's password contains information that the user will never forget. When the user enters this password, the password is accepted because it is not a common word or has never been used before. The user feels reassured that the password is strong even though the password is within the user's account. This weakness in the system can lead to accounts being compromised by malicious users. With social networking sites becoming more popular, the users of these sites are providing more information about themselves. They are providing this information by communicating with other people and also by adding more information to their accounts. This proposed method accesses the user's information from the site in question. When the user enters a new password, the user's stored information is searched. If the user's information contains the password or part of the password, the user receives a warning based on that information. The solution helps the user select a secure password based on current password checks and the user's personal information held on the site.
The proposed system could also be used to remove this personal data from the site in question so that users searching for the password vulnerability cannot find it.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 54% of the total text.

The proposed solution searches the user's data within the account while the user is creating a new password or updating their password. The new password is then measured against the user's current data. This will allow the user to create a password that does not contain any information linked to the user. The system will propose suggestions to the user while the password is being selected. If the user enters any information that is contained in the account the system will alert the user to this and the user can then either revise the password or remove this information from the site altogether.

The advantage of this solution over other password checks is that it constantly reminds the user that the data contained on the site can be accessed by others, and that the user should not choose passwords that other users can guess based on information they know about the user. Other solutions check for common words within a dictionary or for where keys are located on a keyboard, but this solution checks the user's actual data within the site and highlights this vulnerability to the user. It actively teaches the user that strong passwords are based on information that others do not know.

For example, the user enters the name of the road where the user lives. The system will inform the user that this password contains information based on the user's current location. The system does this by locating the password within a section of the account. The system will then inform the user that this data is already in the user's account and state which section of the account contains it.
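A sketch of the check described above, added here as an illustration and not taken from the disclosure: the proposed password is compared with each section of the account's stored data, and any shared fragment is reported together with the section that holds it. The section names, the sample profile values and the four-character overlap threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

MIN_OVERLAP = 4  # assumed threshold; shorter overlaps are treated as coincidence

def normalise(text):
    """Lower-case and drop everything except letters and digits, so that
    'Maple-Street' and '+1 (555) 010-4477' compare on content alone."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def longest_overlap(password, value):
    """Longest run of characters shared by the password and one profile value."""
    pw, val = normalise(password), normalise(value)
    m = SequenceMatcher(None, pw, val, autojunk=False).find_longest_match(
        0, len(pw), 0, len(val))
    return pw[m.a:m.a + m.size]

def profile_overlaps(password, profile):
    """Map each account section to the longest fragment of the password
    found in that section's data; sections without a hit are omitted."""
    hits = {}
    for section, values in profile.items():
        best = max((longest_overlap(password, v) for v in values),
                   key=len, default="")
        if len(best) >= MIN_OVERLAP:
            hits[section] = best
    return hits

def warnings_for(password, profile):
    """Build the user-facing warnings, naming the section that holds the data."""
    return [f"Password contains '{frag}', which appears in your {section} section"
            for section, frag in profile_overlaps(password, profile).items()]

# Constructed sample account data (not from the original disclosure).
SAMPLE_PROFILE = {
    "address": ["14 Maple Street, Springfield"],
    "contact": ["+1 (555) 010-4477", "john.doe@example.com"],
    "interests": ["kayaking", "chess"],
}

if __name__ == "__main__":
    for candidate in ("Maple-Street22", "5550104477!", "t7#Qv!mZ2p@x"):
        print(candidate, "->",
              warnings_for(candidate, SAMPLE_PROFILE) or "no profile overlap")
```

Because both sides are normalised before comparison, a street name typed with different case or punctuation, or a phone number typed without its country code, is still traced back to the section that contains it.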

John Doe uses a social networking site to talk to friends, family members and other users who are registered on the site. John's page contains personal information which is viewable by everyone on the site. John's page contains information such as how to contact him, where John lives, people he is related to, and what hobbies and interests John has. Due to a breach on the...