The present invention relates to computer network security and passwords, and more particularly to the management of user authentication information. It particularly relates to the creation, storage, updating, and transmission of user identification tokens and passwords, and will be described with particular reference thereto. However, the invention is not so limited, and will also find application in other areas of secure information management such as the management and electronic transmission of credit card numbers, personal identification numbers (PINs), and the like.
Recently, there has been a rapid rise in the number and type of secure computer services offered through the Internet or over local area networks (LANs), wireless communication systems, internal corporate computing resources, and the like. Web browser programs originally designed for navigating an open Internet are now typically additionally used to access secure websites, secure LANs, and other restricted sites as well. The use of a web browser simplifies the access and navigation of the various secure computer services by providing a common user interface.
In order to establish and confirm authorization to access a secure service, a user is typically required to supply at least a user identification (user ID) token and a password to establish a secure connection to the service. Loss or theft of the authorization information, especially the password, is a potentially serious security risk. For this reason, each user is strongly encouraged to follow certain guidelines in creating, storing, and transmitting user ID tokens and passwords.
First, it is strongly recommended or required that each user implement a different password for each service accessed. However, users often have difficulty remembering and keeping track of a large number of passwords for the various secure services typically accessed. As a result, many users ignore the rule of a different password for each service and instead use the same password for many different secure services. Alternatively, users often maintain a physical, e.g. handwritten or printed, list of passwords, or store the passwords in an unencrypted and insecure file, such as a spreadsheet or a word processing document. Of course, the existence of such a physical insecure list in and of itself creates a greatly increased risk of password theft.
Second, it is strongly recommended or required that each password selected is essentially a random character string and thus not easily associable with the user. The use of a spouse's name or birthday, a favorite color, or other password which might be easily guessed by hackers is strongly discouraged. This rule also is commonly ignored by users who prefer to use easily remembered, but correspondingly obvious, passwords.
Third, passwords should be fairly complex. Short and simple passwords, such as “12345”, “abcde”, “hello”, and the like, are more easily guessed than longer passwords which contain both letters and digits. Once again, however, users typically prefer the simpler passwords. This tendency can be countered to some degree by having password format rules encoded into the security management system of the secure service. Typical password format rules include a minimum password length, a requirement for at least one numerical digit, a requirement for at least one alphabetical letter, or the like. Of course, such requirements again tend to induce users to create physical lists so that the forgotten passwords can be easily recalled.
Fourth, security experts recommend changing passwords frequently. By employing frequent password changes, the risks associated with a compromised password are limited to a short time period between password changes. Users are often resistant to frequent password changes, however, because they do not want to memorize the new passwords. Many secure services counter this resistance by requiring a password change at fixed intervals, e.g. on a monthly or yearly basis.
To summarize, an inherent tension exists between the characteristics of a secure user password portfolio which include a large number of different and essentially random passwords that are frequently changed, and the desire of computer users to have only a few, or ideally just one, password which is easily memorized and can be implemented over a long period of time. The majority of methods disclosed in the prior art for alleviating this conflict weigh heavily against ease of use. In the most extreme examples, some secure services now assign a random password and enforce password changes on a weekly or monthly basis. Of course, an unrecognizable computer generated password almost certainly will result in the user physically jotting the password down on a slip next to the computer. Thus, these enforced methods are not satisfactory, at least in isolation.
The prior art also discloses methods for helping computer users to cope with large numbers of complex passwords. U.S. Pat. Nos. 6,006,333 and 6,182,229, both issued to Nielsen, disclose a client-side system for encoding, storing, and transmitting passwords based upon a master password. In this manner, the user need only remember the master password. The client-side system then recalls, decodes, and sends the actual password to each secure service requesting user authentication information.
There remains an unfulfilled need, however, for an improved comprehensive password management system which maintains high security while reducing the need for the user to remember a large number of frequently changing passwords. In view of the increasing availability of a variety of different types of devices (e.g., desktop computers, laptop computers, cellular telephones, personal data assistants, and the like) capable of accessing secure network services, the improved password management system should be device independent. Many secure service providers now have multiple login network addresses, and the user can supply the same authorization information at any of these addresses and thereby establish an authorized connection to the entire service. As a consequence, the password management system should preferably accommodate multiple login network addresses for the same secure service.
The increasingly rigorous password requirements imposed by secure service providers, which presently include complex password format rules and mandatory password changes on fixed time schedules, should also preferably be accommodated.
An improved password management system should also preferably be compatible with, and transparent to, legacy secure services, while simultaneously taking advantage of newer and better standardized network security protocols which are being developed and which are in some cases already available.
The present invention contemplates an improved system and method for the management of user authentication information which provides a solution to the above problems and others.