1. Field of the Invention
The present invention relates to the field of computer security and, more specifically, to an adaptive authentication solution that rewards almost correct passwords and that simulates access for incorrect passwords.
2. Description of the Related Art
Currently, many of today's computer systems allow users to access their data through a password based authentication scheme. While this can be convenient for some users, the majority of users often experience problems with this type of security. Many times, users forget their passwords or only partially remember the passwords. As a result, users often choose simple passwords that are easy for intruders to guess.
Additionally, intruders frequently obtain passwords to users' accounts through a brute force dictionary attack, whereby a large series of passwords are automatically attempted until a match is found. Easy to guess passwords are quickly discovered and allow intruders to gain access to the users' account and the system. A side effect of a brute force attack by an intruder results in reduced performance of the computer system being attacked. That is, processing brute force access attempts can consume system resources which results in performance degradations.
Further, multiple attempts to access a user's account can result in an account lock-out, even if a legitimate user is trying to access their account. Account lock-outs usually require an administrative entity to unlock the account which can cost time and money. Still further, an intruder can maliciously cause account lock-outs thus denying access to legitimate users. This situation negatively impacts the user, the computer systems, and associated organizations. A solution could be devised to solve problems associated with intrusion attacks and exact matching password authentication schemes. It would be beneficial if an adaptive access control scheme existed based on a password authentication scheme.