Managing password expiry
Abstract
A method and apparatus for managing the expiration of a password. In one embodiment, the method comprises determining whether a behavior anomaly associated with an account has occurred. In response to a determination that the behavior anomaly has occurred, the method expires a password associated with the account and forces the password to be changed the next time the password is presented for accessing the account.
17 Claims
1. A method comprising:
receiving one or more attempts to log in from a client device into an account;
monitoring, by a processing device, activities associated with the account in view of a password expiry policy that comprises a plurality of behavior deviations that deviate from a behavior norm associated with the account, wherein the plurality of behavior deviations comprise an attempt to log in from the client device that does not have a client certificate to secure a connection from the client device to the processing device;
in response to determining that a number of occurrences of the plurality of behavior deviations exceeds a determined threshold, expiring a stored password associated with the account;
receiving a next login request to the account from the client device, the login request comprising an input password;
determining whether the client device has the client certificate;
in response to determining that the client device does not have the client certificate, tagging the login request with a flag;
validating the input password with the stored password associated with the account;
in response to determining that the input password matches the stored password, determining whether the stored password is an expired password;
in response to determining that the stored password is expired, causing replacing the expired stored password with a new password so that the new password becomes the stored password associated with the account;
granting access to the account; and
in response to identifying the flag being associated with the login request, expiring the stored password subsequent to granting the access to the account;
each time receiving a subsequent attempt to log in from the client device that does not have the client certificate, the method further comprising;
validating a new input password;
expiring the stored password of the account subsequent to successfully validating the new input password with the stored password associated with the account; and
causing replacing the expired stored password with another new password so that the other new password becomes the stored password associated with the account.
Dependent claims: 2, 3, 4, 5, 6
7. A system comprising:
a memory to store information pertaining to an account; and
a processing device, coupled to the memory, to;
receive one or more attempts to log in from a client device into an account;
monitor activities associated with the account in view of a password expiry policy that comprises a plurality of behavior deviations that deviate from a behavior norm associated with the account, wherein the plurality of behavior deviations comprise an attempt to log in from the client device that does not have a client certificate to secure a connection from the client device to the processing device,
in response to determining that a number of occurrences of the plurality of behavior deviations exceeds a determined threshold, expire a stored password associated with the account,
receive a next login request to the account from the client device, the login request comprising an input password,
determine whether the client device has the client certificate,
in response to determining that the client device does not have the client certificate, tag the login request with a flag,
validate the input password with the stored password associated with the account,
in response to determining that the input password matches the stored password, determine whether the stored password is an expired password,
in response to determining that the stored password is expired, cause replacing the expired stored password with a new password so that the new password becomes the stored password associated with the account,
grant access to the account, and
in response to identifying the flag being associated with the login request, expire the stored password subsequent to granting the access to the account; and
each time receiving a subsequent attempt to log in from the client device that does not have the client certificate, the processing device further to;
validate a new input password,
expire the stored password of the account subsequent to successfully validating the new input password with the stored password associated with the account, and
cause replacing the expired stored password with another new password so that the other new password becomes the stored password associated with the account.
Dependent claims: 8, 9, 10, 11
12. A non-transitory computer readable storage medium comprising instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
receiving one or more attempts to log in from a client device into an account;
monitoring activities associated with the account in view of a password expiry policy that comprises a plurality of behavior deviations that deviate from a behavior norm associated with the account, wherein the plurality of behavior deviations comprise an attempt to log in from the client device that does not have a client certificate to secure a connection from the client device to the processing device;
in response to determining that a number of occurrences of the plurality of behavior deviations exceeds a determined threshold, expiring a stored password associated with the account;
receiving a next login request to the account from the client device, the login request comprising an input password;
determining whether the client device has the client certificate;
in response to determining that the client device does not have the client certificate, tagging the login request with a flag;
validating the input password with the stored password associated with the account;
in response to determining that the input password matches the stored password, determining whether the stored password is an expired password;
in response to determining that the stored password is expired, causing replacing the expired stored password with a new password so that the new password becomes the stored password associated with the account;
granting access to the account; and
in response to identifying the flag being associated with the login request, expiring the stored password subsequent to granting the access to the account;
each time receiving a subsequent attempt to log in from the client device that does not have the client certificate, the operations further comprising;
validating a new input password;
expiring the stored password of the account subsequent to successfully validating the new input password with the stored password associated with the account; and
causing replacing the expired stored password with another new password so that the other new password becomes the stored password associated with the account.
Dependent claims: 13, 14, 15, 17
16. The non-transitory computer readable storage medium of 12, wherein the plurality of behavior deviations comprise a request sent from an unauthorized system.
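The login flow recited in claim 1, sketched as an added Python example; it is not code from the patent or its assignee. The threshold value, the PBKDF2 password storage, all names, and the choice to count each certificate-less login attempt as one behavior deviation are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

DEVIATION_THRESHOLD = 3  # assumed; the claims only say "a determined threshold"

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    stored: bytes
    expired: bool = False
    deviations: int = 0

    @classmethod
    def create(cls, password: str) -> "Account":
        salt = os.urandom(16)
        return cls(salt, _kdf(password, salt))

    def replace_password(self, new_password: str) -> None:
        self.salt = os.urandom(16)
        self.stored = _kdf(new_password, self.salt)
        self.expired = False

def record_deviation(acct: Account) -> None:
    """Monitoring step: expire once the deviation count exceeds the threshold."""
    acct.deviations += 1
    if acct.deviations > DEVIATION_THRESHOLD:
        acct.expired = True

def login(acct: Account, password: str, has_client_cert: bool,
          new_password: Optional[str] = None) -> str:
    """Return 'denied', 'change_required' or 'granted'."""
    flagged = not has_client_cert            # tag the request with a flag
    if flagged:
        record_deviation(acct)               # assumption: counted per attempt
    if not hmac.compare_digest(_kdf(password, acct.salt), acct.stored):
        return "denied"
    if acct.expired:                         # valid but expired: force a change
        if not new_password or new_password == password:
            return "change_required"
        acct.replace_password(new_password)
    if flagged:                              # access is granted first, then the
        acct.expired = True                  # stored password is expired again
    return "granted"
```

A password accepted over a connection without a client certificate is therefore good for that one session only: the next login, from any device, must supply a replacement.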
Specification