System and method for determining relative strength and crackability of a user's security password in real time

US 7,685,431 B1
Filed: 03/20/2000
Issued: 03/23/2010
Est. Priority Date: 03/20/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of evaluating a potential password comprising:

accessing a potential password for a user having multiple characters;

identifying, from among at least a numeric character type, a lowercase letter character type, an uppercase letter character type, and a nonalphanumeric character type, character types that correspond to the multiple characters included in the potential password;

detecting variations in the identified character types that correspond to the multiple characters included in the potential password by;

detecting whether the potential password includes at least one numeric character,detecting whether the potential password includes at least one lowercase letter character,detecting whether the potential password includes at least one uppercase letter character, anddetecting whether the potential password includes at least one nonalphanumeric character;

determining a total number of the multiple characters included in the potential password;

determining a number of repeated characters included in the multiple characters included in the potential password;

computing a measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password;

computing, by at least one computer and based on the detected variations in the identified character types and the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password, a numeric value that corresponds to an amount of time estimated for cracking the potential password by;

modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one numeric character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one lowercase letter character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one uppercase letter character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one nonalphanumeric character, andmodifying the numeric value as a function of the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password; and

making perceivable information as an indication of strength for the potential password based on the computed numeric value.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for determining crackability of a password in real time. The system and method include and involve a server system that serves a software package, and a client system that is coupled to the server system. The client system is configured to receive the software package. The software package includes a password entry facility permitting a user to enter a password candidate string one character at a time, and a strength determination facility configured to communicate with the password entry facility and to determine the crackability of the password candidate in real time repeatedly as each character of the password candidate string is entered into the password entry facility.

49 Citations

View as Search Results

27 Claims

1. A method of evaluating a potential password comprising:
- accessing a potential password for a user having multiple characters;
  
  identifying, from among at least a numeric character type, a lowercase letter character type, an uppercase letter character type, and a nonalphanumeric character type, character types that correspond to the multiple characters included in the potential password;
  
  detecting variations in the identified character types that correspond to the multiple characters included in the potential password by;
  
  detecting whether the potential password includes at least one numeric character,detecting whether the potential password includes at least one lowercase letter character,detecting whether the potential password includes at least one uppercase letter character, anddetecting whether the potential password includes at least one nonalphanumeric character;
  
  determining a total number of the multiple characters included in the potential password;
  
  determining a number of repeated characters included in the multiple characters included in the potential password;
  
  computing a measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password;
  
  computing, by at least one computer and based on the detected variations in the identified character types and the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password, a numeric value that corresponds to an amount of time estimated for cracking the potential password by;
  
  modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one numeric character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one lowercase letter character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one uppercase letter character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one nonalphanumeric character, andmodifying the numeric value as a function of the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password; and
  
  making perceivable information as an indication of strength for the potential password based on the computed numeric value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein:
    - modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one numeric character comprises modifying the numeric value using a first weighting factor;
      
      modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one lowercase letter character comprises modifying the numeric value using a second weighting factor that is greater than the first weighting factor;
      
      modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one uppercase letter character comprises modifying the numeric value using the second weighting factor; and
      
      modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one nonalphanumeric character comprises modifying the numeric value using a third weighting factor that is greater than the first weighting factor and the second weighting factor.
  - 3. The method of claim 1 wherein computing the measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password comprises subtracting the number of repeated characters from the total number of the multiple characters included in the potential password.
  - 4. The method of claim 1 wherein modifying the numeric value as a function of the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password comprises modifying the numeric value based on a calculation that uses the computed measure as an exponent.
  - 5. The method of claim 4 wherein modifying the numeric value based on a calculation that uses the computed measure as an exponent comprises computing a first value based on the detected variations in the identified character types and raising the first value to a power of the computed measure.
  - 6. The method of claim 1 further comprising:
    - enabling the user to change the potential password;
      
      receiving user input resulting in a modified potential password; and
      
      updating the perceivable information to reflect an indication of strength of the modified potential password.
  - 7. The method of claim 6 further comprising updating the perceivable information to reflect an indication of strength of the modified potential password comprises updating the perceivable indication each time the user enters user input resulting in a modified potential password.
  - 8. The method of claim 1 further comprising conditioning acceptance of the potential password as the user'"'"'s password upon comparison of a strength of the potential password against a threshold.
  - 9. The method of claim 8 wherein conditioning acceptance of the potential password as the user'"'"'s password upon comparison of the strength of the potential password against the threshold comprises denying selection of the potential password as the user'"'"'s password in response to a determination that the strength of the potential password does not exceed the threshold.

10. At least one storage device having stored thereon executable instructions that when executed by at least one computer cause the at least one computer to perform operations comprising:
- accessing a potential password for a user having multiple characters;
  
  identifying, from among at least a numeric character type, a lowercase letter character type, an uppercase letter character type, and a nonalphanumeric character type, character types that correspond to the multiple characters included in the potential password;
  
  detecting variations in the identified character types that correspond to the multiple characters included in the potential password by;
  
  detecting whether the potential password includes at least one numeric character,detecting whether the potential password includes at least one lowercase letter character,detecting whether the potential password includes at least one uppercase letter character, anddetecting whether the potential password includes at least one nonalphanumeric character;
  
  determining a total number of the multiple characters included in the potential password;
  
  determining a number of repeated characters included in the multiple characters included in the potential password;
  
  computing a measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password;
  
  computing, based on the detected variations in the identified character types and the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password, a numeric value that corresponds to an amount of time estimated for cracking the potential password by;
  
  modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one numeric character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one lowercase letter character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one uppercase letter character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one nonalphanumeric character, andmodifying the numeric value as a function of the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password; and
  
  making perceivable information as an indication of strength for the potential password based on the computed numeric value.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The at least one storage device of claim 10 wherein:
    - modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one numeric character comprises modifying the numeric value using a first weighting factor;
      
      modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one lowercase letter character comprises modifying the numeric value using a second weighting factor that is greater than the first weighting factor;
      
      modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one uppercase letter character comprises modifying the numeric value using the second weighting factor; and
      
      modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one nonalphanumeric character comprises modifying the numeric value using a third weighting factor that is greater than the first weighting factor and the second weighting factor.
  - 12. The at least one storage device of claim 10 wherein computing the measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password comprises subtracting the number of repeated characters from the total number of the multiple characters included in the potential password.
  - 13. The at least one storage device of claim 10 wherein modifying the numeric value as a function of the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password comprises modifying the numeric value based on a calculation that uses the computed measure as an exponent.
  - 14. The at least one storage device of claim 13 wherein modifying the numeric value based on a calculation that uses the computed measure as an exponent comprises computing a first value based on the detected variations in the identified character types and raising the first value to a power of the computed measure.
  - 15. The at least one storage device of claim 10 wherein the operations further comprise:
    - enabling the user to change the potential password;
      
      receiving user input resulting in a modified potential password; and
      
      updating the perceivable information to reflect an indication of strength of the modified potential password.
  - 16. The at least one storage device of claim 15 wherein the operations further comprise updating the perceivable information to reflect an indication of strength of the modified potential password comprises updating the perceivable indication each time the user enters user input resulting in a modified potential password.
  - 17. The at least one storage device of claim 10 wherein the operations further comprise conditioning acceptance of the potential password as the user'"'"'s password upon comparison of a strength of the potential password against a threshold.
  - 18. The at least one storage device of claim 17 wherein conditioning acceptance of the potential password as the user'"'"'s password upon comparison of the strength of the potential password against the threshold comprises denying selection of the potential password as the user'"'"'s password in response to a determination that the strength of the potential password does not exceed the threshold.

19. A data processing system comprising:
- at least one processing unit; and
  
  a data storage facility coupled to the at least one processing unit having executable instructions stored thereon which, when executed by the at least one processing unit, cause the at least one processing unit to perform operations comprising;
  
  accessing a potential password for a user having multiple characters;
  
  identifying, from among at least a numeric character type, a lowercase letter character type, an uppercase letter character type, and a nonalphanumeric character type, character types that correspond to the multiple characters included in the potential password;
  
  detecting variations in the identified character types that correspond to the multiple characters included in the potential password by;
  
  detecting whether the potential password includes at least one numeric character,detecting whether the potential password includes at least one lowercase letter character,detecting whether the potential password includes at least one uppercase letter character, anddetecting whether the potential password includes at least one nonalphanumeric character;
  
  determining a total number of the multiple characters included in the potential password;
  
  determining a number of repeated characters included in the multiple characters included in the potential password;
  
  computing a measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password;
  
  computing, based on the detected variations in the identified character types and the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password, a numeric value that corresponds to an amount of time estimated for cracking the potential password by;
  
  modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one numeric character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one lowercase letter character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one uppercase letter character,modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one nonalphanumeric character, andmodifying the numeric value as a function of the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password; and
  
  making perceivable information as an indication of strength for the potential password based on the computed numeric value.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The system of claim 19 wherein:
    - modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one numeric character comprises modifying the numeric value using a first weighting factor;
      
      modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one lowercase letter character comprises modifying the numeric value using a second weighting factor that is greater than the first weighting factor;
      
      modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one uppercase letter character comprises modifying the numeric value using the second weighting factor; and
      
      modifying the numeric value in a manner that increases an amount of time estimated for cracking the potential password conditioned on detecting that the potential password includes at least one nonalphanumeric character comprises modifying the numeric value using a third weighting factor that is greater than the first weighting factor and the second weighting factor.
  - 21. The system of claim 19 wherein computing the measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password comprises subtracting the number of repeated characters from the total number of the multiple characters included in the potential password.
  - 22. The system of claim 19 wherein modifying the numeric value as a function of the computed measure that reflects the number of repeated characters relative to the total number of the multiple characters included in the potential password comprises modifying the numeric value based on a calculation that uses the computed measure as an exponent.
  - 23. The system of claim 22 wherein modifying the numeric value based on a calculation that uses the computed measure as an exponent comprises computing a first value based on the detected variations in the identified character types and raising the first value to a power of the computed measure.
  - 24. The system of claim 19 wherein the operations further comprise:
    - enabling the user to change the potential password;
      
      receiving user input resulting in a modified potential password; and
      
      updating the perceivable information to reflect an indication of strength of the modified potential password.
  - 25. The system of claim 24 wherein the operations further comprise updating the perceivable information to reflect an indication of strength of the modified potential password comprises updating the perceivable indication each time the user enters user input resulting in a modified potential password.
  - 26. The system of claim 19 wherein the operations further comprise conditioning acceptance of the potential password as the user'"'"'s password upon comparison of a strength of the potential password against a threshold.
  - 27. The system of claim 26 wherein conditioning acceptance of the potential password as the user'"'"'s password upon comparison of the strength of the potential password against the threshold comprises denying selection of the potential password as the user'"'"'s password in response to a determination that the strength of the potential password does not exceed the threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Netscape Communications Corporation (Apollo Global Management, Inc.)
Inventors
Mullany, Michael
Primary Examiner(s)
Kim; Jung

Application Number

US09/528,845
Time in Patent Office

3,655 Days
Field of Search

713/183, 713/184, 713/202
US Class Current

713/184
CPC Class Codes

G06F 21/46 by designing passwords or c...

System and method for determining relative strength and crackability of a user's security password in real time

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for determining relative strength and crackability of a user's security password in real time

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links