METHOD OF PRESENTING FEEDBACK TO USER OF CHANCES OF PASSWORD CRACKING, AS THE PASSWORD IS BEING CREATED

US 20080307235A1
Filed: 06/08/2007
Published: 12/11/2008
Est. Priority Date: 06/08/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a password entry provided as a new password for enabling security access;

dynamically determining a level of security risk associated with the password entry; and

automatically providing feedback of the level of security risk associated with the password entry.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer program product for automatically displaying the potential risk associated with cracking a password. While creating or modifying a password, feedback is provided describing the risk associated with cracking the password. Risk assessment may be presented as a percentage, accompanied by an explanation of why the value was ascertained. Risk feedback during password creation provides an opportunity to improve computer, document, and file security.

Citations

20 Claims

1. A method comprising:
- receiving a password entry provided as a new password for enabling security access;
  
  dynamically determining a level of security risk associated with the password entry; and
  
  automatically providing feedback of the level of security risk associated with the password entry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - displaying an interface for receiving the password entry and providing feedback about the password entry; and
      
      outputting, within the interface, the feedback of the level of security risk associated with the password entry.
  - 3. The method of claim 2, wherein said outputting further comprises:
    - providing the feedback as a percentage of risk;
      
      prompting for entry of a different password entry when the level of security risk of the password entry falls below a pre-set minimum security threshold;
      
      detecting changes in the password entry; and
      
      automatically adjusting the percentage when changes in the password entry is detected.
  - 4. The method of claim 2, wherein said outputting further comprises:
    - providing additional feedback corresponding to the level of security risk, said additional feedback including one or more of;
      
      (a) a security risk assessment rating of low, medium, and high, wherein the rating is determined according to the calculated risk assessment percentage;
      
      (b) an explanation of the security risk, wherein the cause associated with the risk factor is displayed; and
      
      (c) suggestions for improving the security of the assessed password.
  - 5. The method of claim 1, wherein said dynamically determining further comprises:
    - evaluating an arrangement and placement of characters within the password entry;
      
      comparing the password entry with one or more pre-established standard password specifications, which include one or more of (a) a minimum length of the password entry, (b) required numerical and alphabetical content of the password entry, (c) non-usage of identical characteristics within the password, and (d) usage and non-usage of specific symbols within the password entry; and
      
      prompting for modification of the password entry when the password entry does not satisfy the standard password specifications.
  - 6. The method of claim 1, wherein said dynamically determining further comprises:
    - accessing a database of domestic and foreign dictionary words;
      
      assessing the security risk associated with the password entry by comparing the password entry to domestic and foreign words within the database; and
      
      evaluating a match of the password entry within the database as indicative of a lower level of security.
  - 7. The method of claim 1, wherein said dynamically determining further comprises:
    - accessing a database of saved common character combinations from emails, files, and documents within a computer system; and
      
      assessing the security risk associated with the password entry by comparing the password entry to the character combinations in the emails, files, and documents; and
      
      evaluating a match of the password entry with a character combination in the emails, files, and documents as indicative of a lower level of security.
  - 8. The method of claim 1, wherein said determining further comprises:
    - assessing the security risk associated with the password entry by comparing a use of symbol and number substitution in the password entry with pre-established and approved symbol and number substitutions and random configurations of the symbols and numbers.
  - 9. The method of claim 1, wherein said determining further comprises:
    - receiving a request to change a current password;
      
      opening a second interface for modifying a password;
      
      receiving an input of a current password to be changed and a new password entry; and
      
      outputting a security risk assessment for both the current password and the new password.

10. A computer program product comprising:
- a computer readable medium; and
  
  program code on the computer readable medium that when executed by a processor on a computer device provides the functions of;
  
  receiving a password entry provided as a new password for enabling security access;
  
  dynamically determining a level of security risk associated with the password entry; and
  
  automatically providing feedback of the level of security risk associated with the password entry.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computer program product of claim 10, further comprising program code for:
    - displaying an interface for receiving the password entry and providing feedback about the password entry; and
      
      outputting, within the interface, the feedback of the level of security risk associated with the password entry, wherein said outputting includes;
      
      providing the feedback as a percentage of risk;
      
      prompting for entry of a different password entry when the level of security risk of the password entry falls below a pre-set minimum security threshold;
      
      detecting changes in the password entry; and
      
      automatically adjusting the percentage when changes in the password entry is detected.
  - 12. The computer program product of claim 11, further comprising program code for:
    - providing additional feedback corresponding to the level of security risk, said additional feedback including one or more of;
      
      (a) a security risk assessment rating of low, medium, and high, wherein the rating is determined according to the calculated risk assessment percentage;
      
      (b) an explanation of the security risk, wherein the cause associated with the risk factor is displayed; and
      
      (c) suggestions for improving the security of the assessed password.
  - 13. The computer program product of claim 10, wherein the program code for determining further comprises code for:
    - accessing a database of domestic and foreign dictionary words;
      
      assessing the security risk associated with the password entry by comparing the password entry to domestic and foreign words within the database; and
      
      evaluating a match of the password entry within the database as indicative of a lower level of security.
  - 14. The computer program product of claim 10, wherein the program code for determining further comprises code for:
    - accessing a database of saved common character combinations from emails, files, and documents within a computer system; and
      
      assessing the security risk associated with the password entry by comparing the password entry to the character combinations in the emails, files, and documents; and
      
      evaluating a match of the password entry with a character combination in the emails, files, and documents as indicative of a lower level of security.
  - 15. The computer program product of claim 10, the program code for determining further comprises code for:
    - receiving a request to change a current password;
      
      opening a second interface for modifying a password;
      
      receiving an input of a current password to be changed and a new password entry; and
      
      outputting a security risk assessment for both the current password and the new password.

16. An electronic device comprising:
- a processor component;
  
  an input/output (I/O) mechanism that enables entry of a password;
  
  a mechanism for outputting a security risk associated with the password; and
  
  a utility executing on the processor component and which comprises codes that enables completion of the following functions;
  
  receiving a password entry provided as a new password for enabling security access;
  
  dynamically determining a level of security risk associated with the password entry; and
  
  automatically providing feedback of the level of security risk associated with the password entry.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The electronic device of claim 16, wherein said utility further comprises code for:
    - displaying an interface for receiving the password entry and providing feedback about the password entry; and
      
      outputting, within the interface, the feedback of the level of security risk associated with the password entry, wherein said outputting includes;
      
      providing the feedback as a percentage of risk;
      
      prompting for entry of a different password entry when the level of security risk of the password entry falls below a pre-set minimum security threshold;
      
      detecting changes in the password entry; and
      
      automatically adjusting the percentage when changes in the password entry is detected.
  - 18. The electronic device of claim 17, said utility further comprising program code for:
    - providing additional feedback corresponding to the level of security risk, said additional feedback including one or more of;
      
      (a) a security risk assessment rating of low, medium, and high, wherein the rating is determined according to the calculated risk assessment percentage;
      
      (b) an explanation of the security risk, wherein the cause associated with the risk factor is displayed; and
      
      (c) suggestions for improving the security of the assessed password.
  - 19. The electronic device of claim 16, said code for dynamically determining further comprising program code for completing one or more of:
    - (a) accessing a database of domestic and foreign dictionary words;
      
      assessing the security risk associated with the password entry by comparing the password entry to domestic and foreign words within the database; and
      
      evaluating a match of the password entry within the database as indicative of a lower level of security;
      
      (b) accessing a database of saved common character combinations from emails, files, and documents within a computer system; and
      
      assessing the security risk associated with the password entry by comparing the password entry to the character combinations in the emails, files, and documents; and
      
      evaluating a match of the password entry with a character combination in the emails, files, and documents as indicative of a lower level of security; and
      
      (c) assessing the security risk associated with the password entry by comparing a use of symbol and number substitution in the password entry with pre-established and approved symbol and number substitutions and random configurations of the symbols and numbers.
  - 20. The electronic device of claim 16, wherein said program code for determining further comprises code for:
    - receiving a request to change a current password;
      
      opening a second interface for modifying a password;
      
      receiving an input of a current password to be changed and a new password entry; and
      
      outputting a security risk assessment for both the current password and the new password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Keohane, Susann Marie, McBrearty, Gerald Francis, Shieh, Johnny Meng-Han, Mullen, Shawn Patrick, Murillo, Jessica Carol

Granted Patent

US 9,122,867 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06F 21/46 by designing passwords or c...

METHOD OF PRESENTING FEEDBACK TO USER OF CHANCES OF PASSWORD CRACKING, AS THE PASSWORD IS BEING CREATED

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF PRESENTING FEEDBACK TO USER OF CHANCES OF PASSWORD CRACKING, AS THE PASSWORD IS BEING CREATED

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links