2016-May-10
This publication details the use of two passwords for certain accounts to hamper shoulder surfing. The secondary password is only valid on recognised devices, so even if it is observed, an attacker also needs access to such a device to reach the account.

Secondary passwords on recognised devices

When typing on a virtual keyboard, the letters pressed are echoed on the screen. This makes it easy for a bystander to obtain a password by watching over the user's shoulder (referred to as shoulder surfing). This invention consists of a separate password for all recognised devices, which can be integrated in a simple manner with current techniques for preventing shoulder surfing. The advantage is that even if this password is obtained through shoulder surfing, the account cannot be accessed with it except from a recognised device. Should an attacker obtain the secondary password, the only way to access the account is to also gain access to a recognised device, which severely limits the attacker.

    A device is classed as recognised when the user logs in with the standard password and registers the device. On first registration the user is prompted for the secondary password; once entered, it can be used on all registered devices. The operations for detecting a device and establishing its identity are already available.

    When a user submits a password, the first check is whether the device is a registered device. If it is, the password is verified against an additional set of passwords. This additional set consists of, but is not limited to, the password valid on all devices and the password valid only on registered devices.

