A lightweight system to obscure passwords on websites
Disclosure Number: IPCOM000244932D
Publication Date: 2016-Feb-02
Document File: 1 page(s) / 40K

An invention to allow people logging onto a website to create a one-time temporary password by manipulating the URL, thus minimising the risk of stolen passwords.

Most passwords are vulnerable to "man looking over your shoulder" attacks. The idea herein is a method for websites to protect against these by providing a way of easily creating one-time passwords without needing specialised software.

The core of the idea is to use the URL a user connects to as a component of the password. Since many websites redirect users to the login page, connecting to a different page first would be normal behaviour and thus would not raise suspicion.

When the user connects to a website like the website will redirect them to but it will remember that they first connected to category1/page1. The website will then use a rule to create a new temporary password - for example: append even letters on the last part of the URL to the user's password. So the user's password changes from "password123" to "password123ae".

An attacker who does not know that this system is in place and was able to uncover the password "password123ae" would be unaware that this is not the true password.

Once this system is in place, the sysadmin could use it to develop more in-depth rules. For example, they could forbid reusing passwords within a set time, make all logins where the user connected directly to fail, or just ensure that the rules are complex and hard to guess.
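
The server-side check described above, as an added example that is not code from the disclosure: it derives the suffix from the first requested URL, strips it from the submitted password and verifies the remainder against a stored hash, and applies the reuse and direct-connection rules. The login path `/login`, the one-hour reuse window, the PBKDF2 hash storage and the reading of "even letters" as the characters in even positions are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import urlsplit

LOGIN_PATH = "/login"   # assumed login page path (not given in the text)
REUSE_WINDOW = 3600     # assumed "set time" in seconds before a suffix may repeat

def url_suffix(first_url):
    """Characters in even positions (2nd, 4th, ...) of the last URL part."""
    last_part = urlsplit(first_url).path.rstrip("/").rsplit("/", 1)[-1]
    return last_part[1::2]

def hash_password(password, salt):
    # Only a salted hash of the real password is stored, never the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginVerifier:
    """Per-user verifier; first_url is the page the session first requested."""

    def __init__(self, salt, stored_hash):
        self.salt = salt
        self.stored_hash = stored_hash
        self.last_accepted = {}  # suffix -> time it was last accepted

    def verify(self, first_url, submitted, now=None):
        now = time.time() if now is None else now
        # Rule: a session that went straight to the login page always fails.
        if urlsplit(first_url).path.rstrip("/") == LOGIN_PATH:
            return False
        suffix = url_suffix(first_url)
        if not suffix or not submitted.endswith(suffix):
            return False
        # Rule: the same temporary password may not be reused within the window.
        used_at = self.last_accepted.get(suffix)
        if used_at is not None and now - used_at < REUSE_WINDOW:
            return False
        # Strip the URL-derived part and check the remainder against the hash.
        base = submitted[:-len(suffix)]
        if not hmac.compare_digest(hash_password(base, self.salt), self.stored_hash):
            return False
        self.last_accepted[suffix] = now
        return True

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample data, values from the text
    verifier = LoginVerifier(salt, hash_password("password123", salt))
    print(verifier.verify("/category1/page1", "password123ae"))
```
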

Most techniques for preventing an over the shoulder attack involve ob...