1. Field of the Invention
The field of the invention is data processing, or, more specifically, methods, systems, and products for generating an alternate password for access to a resource.
2. Description of Related Art
Passwords are useful elements of computer security systems. Passwords are used to secure access to computer resources. If a password is compromised, an unauthorized person can masquerade as a valid user and gain access to critical resources.
A password attack is an attempt to infer, obtain, or decrypt (“crack”) a legitimate user's password to gain unauthorized access to secure computer resources. Readily available password dictionaries and password cracking programs combine to make passwords very vulnerable. The term ‘crack’ is used in this specification to refer to any unauthorized access to a resource protected by computer security systems by guessing, inferring, decrypting, or otherwise improperly obtaining and using a password. Inferring a password in this context can include not only real time guesses typed into a keyboard on a computer terminal but also automated guessing carried out by sophisticated password cracking programs comprised of many password cracking algothms operating on the basis of on-line dictionaries including personal information of users having accounts on target systems.
Passwords are attacked in several ways. One way passwords are attacked is a so-called ‘dictionary’ attack where an unauthorized user makes automated attempts to gain access to a secured resource by using words from a dictionary as trial passwords until one works. Dictionary attacks are made easier when an user picks a password based upon information descriptive of the user, such as, for example, the user's birth date written backwards, a concatentation of the user's address street name and number, the user's mother's maiden name, the user's daughter's name, the user's pet's name, and so on. Unauthorized users can gain access to large quantities of personal information, from Internet resources, from telephone books, from credit agencies, even from a Unix ‘finger’ command. Such personal information can be included in a password cracking dictionary for use by well-known password cracking programs or password cracking programs developing ad hoc by persons seeking unauthorized access to computer resources.
Examples of readily available password cracking programs include:                ‘John the Ripper,’ available from the Openwall Project at www.operwall.com,        ‘Crack,’ available from Alex Muffet at www.crypticide.org/users/alec,        ‘Brutus,’ available from HooBieNet at www.hoobie.net/brutus,        ‘NT Password,’ available from LastBit Software at http://lastbit.com, and        ‘L0phtCrack,’ available from L0pht Heavy Industries, Inc., at www.10pht.com/10phtcrack/dist/10phtcrack25.exe.        
Although password cracking programs are used legitimately to test and evaluate computer security, to find weaknesses that need to be remedied, in fact, password cracking programs are also used by persons seeking unauthorized access through password attacks. There is an ongoing need in the art for improved methods of detecting such attacks.