Most enterprises implement password/security administration for their online resources. One technique, which nearly everyone is familiar with, is the use of a front-end password or authentication service. The password service attempts to ensure that only authorized users can pass through the enterprise's firewall and access certain firewall-protected resources.
One situation where this is readily apparent is when a remote employee uses the Internet to log into his/her employer's secure Intranet. In such a case, the user is required to authenticate with an id and password combination before gaining access to the Intranet. The password service uses that combination to authenticate the user and may change protocol access for the user to something more secure, such as a secure socket layer (SSL) communication or a virtual private network (VPN) communication.
Security administrators often attempt, as best they can, to establish password policies that prevent users from setting their passwords to something that may be easily hacked by intruders. This means that the administrators have to attempt to get inside the mind of potential intruders and second-guess what those intruders may try in order to hack into the enterprise's secure assets. Even the most clairvoyant administrator struggles with this aspect of his/her job. The ad hoc approaches, which are often implemented on an administrator-specific basis, probably resemble more art than science and are in no way consistent or reliable.
Another approach is to rely on software programs that purport to be able to crack passwords. Here, the passwords are only as secure as the software used: if the software cannot crack the passwords, the administrator may get a false sense of security. Moreover, intruders are likely changing their approaches every second of the day, 365 days a year. So, it is unrealistic to think that a relatively static piece of software can provide an enterprise with the security it needs.
Thus, what is needed is a mechanism that improves the security of access credentials for an enterprise in order to more effectively counter intruder attempts to access secure assets of that enterprise.