Security is fast becoming an important issue. It is well known that with the proliferation of computers and computer networks into all aspects of business and daily life—financial, medical, education, government, and communications—the concern over secure file access is growing. Using passwords is a common method of providing security. Password protection and/or combination type locks are employed for computer network security, automatic teller machines, telephone banking, calling cards, telephone answering services, houses, and safes. These systems generally require the knowledge of an entry code that has been selected by a user or has been preset.
In many large companies, the computer system is organized as a network to reduce the cost of purchasing and installing software on all the stations existing in the company. A main advantage of using a network is to facilitate data accessibility to each employee. However, it is necessary to limit access of a company's network to the company's employees. As such, prior to access to the company's network, a password window prompted the company's employees to enter a login identity and an associated password. Usually, a user specifies passwords. Most users, being unsophisticated users of security systems, classically choose as the login identity their first name and their dog's name as a password for example. Each time a user is prompted to enter his password, the password is always identical to the one previously entered by the user unless the user has modified his password during a previous session. As such, many password systems are easily accessed through a simple trial and error process.
Optionally, to make the system more difficult to break, the network system is organized in such a way that regularly all the employees are prompted to change their password, or are required to run a specific routine to change their password. Often, the system allows the users to combine a non-determined number of letters, either small or capital, and digits in their passwords. During the time period lasting between two successive modifications of a password, the password remains unchanged. A competent person may rapidly find out the password of a user and access a company's network.
Optionally, a password is stored in a password database and user authorization information such as biometric information, a digital key, a smart card, or a global password is required to retrieve the password. When the password is retrieved, it is provided to the password window. It is known to those skilled in the art that a biometric identification system accepts unique biometric information from a user and identifies the user by matching the information against information belonging to registered users of the system. Fingerprint sensing and matching is a reliable technique for personal identification and/or verification.
The combination of a password and biometric information such as a fingerprint for example is beneficial because it increases the security and limits accessibility to a system. However, an association between a biometric information sample and a password also raises a problem when the password is changed. If an individual changes his password manually using, for example, a change password command of a password protected system, a next time he wants to access the system and provides his fingerprint, his old password is retrieved and provided to the password prompt. The old password is not current and therefore a message indicating that the password is incorrect is provided for the user. Thus, the user has to manually type in the new password. Eventually, the user can run a password change routine wherein the old password is provided along with the fingerprint, the new password typed in and the biometric sample assigned from then to the new password.