Large-scale computer networks feature sophisticated administration schemes for managing user access. A large network typically includes multiple domains, each of which has a primary domain controller with a database of usernames, passwords and permission information for machines in the domain. An authorized user can log on to any machine in the domain using the same username and password. A password change made by the user while logged on to one machine is recognized by the other machines in the domain.
By contrast, small-scale local networks, such as home networks, are generally unmanaged, having no dedicated, “always-on” device for handling account information in a centralized and automatic manner. The machines in an unmanaged network are typically connected to the same hub or router and usually operate as a loosely-organized, peer-to-peer workgroup. Such networks have characteristically been inconvenient for users. For example, until recently, a user was required to establish a local account on each device in the network that the user wished to access. When a user changed a password on one machine, the change was not automatically replicated to the remaining machines in the group.
Improvements relating to small-scale unmanaged networks have been described in two commonly-assigned, co-pending patent applications. In “Small-Scale Secured Computer Network Group Without Centralized Management,” application Ser. No. 10/414,354, filed on Apr. 15, 2003, there is provided a platform and method for organizing a secure network group of mutually-trusting devices. Common user access and resource sharing among the computers in the group are achieved by replicating a database of user accounts, user profiles, and user security identification to each of the machines. An authorized user can log on to any of the computers in the group with the same username and password. When a user changes his password on one of the computers, the change is replicated to the rest of the group. In “System and Method for Generating Aggregated Data Views in a Computer Network,” application Ser. No. 10/691,872, filed on Oct. 23, 2003, there is provided a system and method for managing content among the machines in a network. A user causes a machine to issue a local content query associated with the user's security identification profile, and the query is distributed across several devices in the network. Query responses are merged and an aggregated view is generated. U.S. patent application Ser. Nos. 10/414,354 and 10/691,872 are each incorporated herein by reference.
Computer users desire both convenience and security against unauthorized access to their data. Users of home networks typically require protection from unauthorized outside intrusion, but do not expect significant security within the network, because ordinarily only authorized users have physical access to a machine in the network. Users of standalone computers or small-scale networks have separate user accounts not primarily for reasons of security, but for data separation and individual user convenience. Thus on single machines users generally prefer the convenience of accounts not protected by a password (more precisely, accounts in which the passwords are blank). Home networks such as those based on Microsoft®Windows® operating systems, however, have a trust model that requires a user to have a password-protected account on a machine in order for the user to gain access to the machine from another machine within the network.
Users are advised to employ relatively complex or “strong” account passwords in order to guard against unauthorized access by way of dictionary attacks and brute force guessing of passwords. Strong passwords are at least seven characters in length and include numbers and symbols. However, strong passwords are relatively difficult to remember and to type into a computer. Users generally prefer simple, easy-to-remember passwords, though such passwords are vulnerable to intruders. In a home network, if a user wishes to remotely access data, the user must have a password, but if the user does not employ a strong password, the user's data is not desirably secure. Some computer systems have an “autologon” feature, in which the user's password is stored and retrieved when the user logs in, but an autologon account is only as secure as the password that the user has chosen for that account.