The current authentication paradigm typically utilizes static passwords for accessing user accounts. For example, a challenge-response script can request a secret username and/or password be presented as credentials. During an initial set-up or configuration of user accounts, users select a username and password.
Problematically, passwords can be compromised over time by theft, changing personnel, user error, and many other causes. Consequently, users need to manually configure a new password to restore security. The task becomes burdensome for highly secure systems that require frequent password updates. Furthermore, users may be unable to memorize a constantly changing password, especially given the number of different systems now requiring passwords for access.
One current solution to providing a dynamic password requires users to carry a password-generating device that continuously displays an updated password. Because the device uses an algorithm that is synched with a security server, both have access to the same password at the same time, and to an updated password at a later time.
Unfortunately, users need to carry the password-generating device for use when account access is needed. Furthermore, if the device is lost or stolen, the user account can be compromised and a user loses access to the account until a new device is issued.
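The synchronized device-and-server scheme described above can be illustrated with a time-based one-time password. This is an added example, not part of the original text; it assumes the RFC 6238 TOTP construction (HMAC-SHA1, 30-second windows) as one such algorithm, and the names `device_display` and `server_verify` and the drift tolerance are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per password window (assumed, RFC 6238 default)
# Constructed sample input: the published RFC 6238 test secret, not a real key.
SHARED_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC the counter, then dynamically truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def device_display(secret: bytes, now: float, digits: int = 6) -> str:
    """What the token shows: the code for the current time window."""
    return hotp(secret, int(now) // STEP, digits)


def server_verify(secret: bytes, submitted: str, now: float,
                  drift_steps: int = 1, digits: int = 6) -> bool:
    """Server side: recompute the code from the same secret and clock.

    Accepts +/- drift_steps windows so a slightly skewed device clock
    still authenticates, while older codes are rejected.
    """
    current = int(now) // STEP
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step >= 0 and hmac.compare_digest(hotp(secret, step, digits),
                                             submitted):
            return True
    return False


if __name__ == "__main__":
    code = device_display(SHARED_SECRET, 59)
    print("device shows:", code)
    print("same window :", server_verify(SHARED_SECRET, code, 59))
    print("next window :", server_verify(SHARED_SECRET, code, 89))
    print("much later  :", server_verify(SHARED_SECRET, code, 150))
```

Anyone holding the device or the shared secret can produce valid codes, which is why a lost or stolen device compromises the account until it is revoked.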
What is needed is a robust technique to provide the security level of dynamic passwords while maintaining ease-of-use for users with a user-defined formula that remains static.