Increasing chosen password strength

US 9,009,815 B2
Filed: 03/15/2013
Issued: 04/14/2015
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to increase password strength in a group of users, the method comprising:

detecting a password event corresponding to a first user belonging to the group of users;

in response to the detected password event, identifying one or more password strength metrics of a first user password that corresponds to the first user;

comparing the one or more identified password strength metrics to one or more password strength metrics for a set of passwords, wherein respective passwords in the set of passwords correspond to respective ones of the group of users, and wherein the set of passwords and their respective password strength metrics are stored in a storage area;

transmitting feedback to the first user, wherein the feedback is based on the password strength comparison; and

receiving a password update from the first user that updates the first user password to a stronger password, wherein the password update is received in response to the transmitted feedback.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided to increase password strength in a group of users. The approach detects a password event corresponding to one of the users. In response to the detected password event, the approach identifies a strength of the user'"'"'s password and compares it to one or more password strength metrics that correspond to the group of users. The password strength comparison data is then transmitted as feedback back to the user.

Citations

20 Claims

1. A computer-implemented method to increase password strength in a group of users, the method comprising:
- detecting a password event corresponding to a first user belonging to the group of users;
  
  in response to the detected password event, identifying one or more password strength metrics of a first user password that corresponds to the first user;
  
  comparing the one or more identified password strength metrics to one or more password strength metrics for a set of passwords, wherein respective passwords in the set of passwords correspond to respective ones of the group of users, and wherein the set of passwords and their respective password strength metrics are stored in a storage area;
  
  transmitting feedback to the first user, wherein the feedback is based on the password strength comparison; and
  
  receiving a password update from the first user that updates the first user password to a stronger password, wherein the password update is received in response to the transmitted feedback.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the group of users is a group of users on a social network.
  - 3. The method of claim 1, wherein the password event is an event selected from the group consisting of setting a new password, changing a password, authenticating a user, password expiration, and a password strength threshold.
  - 4. The method of claim 1 further comprising:
    - identifying one or more password strength factors pertaining to the first user password, wherein the feedback to the user includes the identified password strength factors.
  - 5. The method of claim 1 further comprising:
    - tracking a count of a number of times each unique password is used by the group of users, wherein one of the password strength metrics is based on the count of the associated password.
  - 6. The method of claim 1 further comprising:
    - identifying one or more password rules;
      
      comparing the first user password to the identified password rules;
      
      rejecting the first user password in response to the comparison revealing that the first user password violates at least one of the identified password rules; and
      
      accepting the first user password in response to the comparison revealing that the first user password complies with the identified password rules.
  - 7. The method of claim 1 wherein the password strength metrics are selected from the group consisting of a password strength value, a password age, and a count of times a password is used by the group of users.

8. An information handling system comprising:
- one or more processors;
  
  a memory coupled to at least one of the processors;
  
  a set of instructions stored in the memory and executed by at least one of the processors to increase password strength, wherein the set of instructions perform actions of;
  
  detecting a password event corresponding to a first user belonging to a group of users;
  
  in response to the detected password event, identifying one or more password strength metrics of a first user password that corresponds to the first user;
  
  comparing the one or more identified password strength metrics to one or more password strength metrics for a set of passwords, wherein respective passwords in the set of passwords correspond to respective ones of the group of users, and wherein the set of passwords and their respective password strength metrics are stored in a storage area;
  
  transmitting feedback to the first user, wherein the feedback is based on the password strength comparison; and
  
  receiving a password update from the first user that updates the first user password to a stronger password, wherein the password update is received in response to the transmitted feedback.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The information handling system of claim 8, wherein the password event is an event selected from the group consisting of setting a new password, changing a password, authenticating a user, password expiration, and a password strength threshold.
  - 10. The information handling system of claim 8 wherein the actions further comprise:
    - identifying one or more password strength factors pertaining to the first user password, wherein the feedback to the user includes the identified password strength factors.
  - 11. The information handling system of claim 8 wherein the actions further comprise:
    - tracking a count of a number of times each unique password is used by the group of users, wherein one of the password strength metrics is based on the count of the associated password.
  - 12. The information handling system of claim 8 wherein the actions further comprise:
    - identifying one or more password rules;
      
      comparing the first user password to the identified password rules;
      
      rejecting the first user password in response to the comparison revealing that the first user password violates at least one of the identified password rules; and
      
      accepting the first user password in response to the comparison revealing that the first user password complies with the identified password rules.
  - 13. The information handling system of claim 8 wherein the password strength metrics are selected from the group consisting of a password strength value, a password age, and a count of times a password is used by the group of users.

14. A computer program product stored in a computer readable storage device, comprising computer instructions that, when executed by an information handling system, causes the information handling system to increase password strength in a group of users by performing actions comprising:
- detecting a password event corresponding to a first user belonging to the group of users;
  
  in response to the detected password event, identifying one or more password strength metrics of a first user password that corresponds to the first user;
  
  comparing the one or more identified password strength metrics to one or more password strength metrics for a set of passwords, wherein respective passwords in the set of passwords correspond to respective ones of the group of users, and wherein the set of passwords and their respective password strength metrics are stored in a storage area;
  
  transmitting feedback to the first user, wherein the feedback is based on the password strength comparison; and
  
  receiving a password update from the first user that updates the first user password to a stronger password, wherein the password update is received in response to the transmitted feedback.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer program product of claim 14, wherein the group of users is a group of users on a social network.
  - 16. The computer program product of claim 14, wherein the password event is an event selected from the group consisting of setting a new password, changing a password, authenticating a user, password expiration, and a password strength threshold.
  - 17. The computer program product of claim 14 wherein the actions further comprise:
    - identifying one or more password strength factors pertaining to the first user password, wherein the feedback to the user includes the identified password strength factors.
  - 18. The computer program product of claim 14 wherein the actions further comprise:
    - tracking a count of a number of times each unique password is used by the group of users, wherein one of the password strength metrics is based on the count of the associated password.
  - 19. he computer program product of claim 14 wherein the actions further comprise:
    - identifying one or more password rules;
      
      comparing the first user password to the identified password rules;
      
      rejecting the first user password in response to the comparison revealing that the first user password violates at least one of the identified password rules; and
      
      accepting the first user password in response to the comparison revealing that the first user password complies with the identified password rules.
  - 20. The computer program product of claim 14 wherein the password strength metrics are selected from the group consisting of a password strength value, a password age, and a count of times a password is used by the group of users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Pieczul, Olgierd Stanislaw, Zurko, Mary Ellen
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US13/842,097
Publication Number

US 20140282939A1
Time in Patent Office

760 Days
Field of Search

726/6, 726/18
US Class Current

726/18
CPC Class Codes

G06F 21/46   by designing passwords or c...

G06F 2221/2117   User registration

H04L 2209/26   Testing cryptographic entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0846   using time-dependent-passwo...

H04L 63/20   for managing network securi...

H04L 9/0891   Revocation or update of sec...

H04L 9/0897   involving additional device...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

Increasing chosen password strength

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Increasing chosen password strength

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links