The invention relates generally to systems and methods for facilitating initial entry during selection of password information, and more particularly to systems and methods for facilitating initial entry during password selection and generation that employ feedback as to whether or not a password has been properly initially entered or generated.
With the increase in electronic information exchange, the use of passwords and other security authorization mechanisms for use with communication systems, computer systems, telephones and other devices, has become more important. As password cracking programs become more sophisticated, the length of passwords and types of variations for character order, length, and character type have become increasingly complex to try to thwart programs and malicious personnel from determining a user's password to gain entry into a particular system, program, access to cryptographic keys or data in a storage medium.
Generally, the more "random" a password, the more difficult it can be to decipher. As a mechanism to assist users in entering suitably "random" passwords, some systems provide a text based list of rules through a graphic user interface that allow a user to read the rules prior to entering the password during login or during a password change operation. For example, if a particular password mechanism requires the use of at least one capital letter and at least one numerical character, the system provides visual rules in the form of text to the user that the user must enter at least one capital letter and one number as part of the password in order for the password to be accepted by the system. However, if the user fails to properly enter a desired character as predetermined by the system, the user typically will not be notified of the improper entry until a suitable number of characters have been entered. Where the password is relatively long or where password selection is required frequently, this can be a cumbersome and frustrating process. In addition, conventional initial password entry systems having multiple rules typically only notify a user of one rule that has been broken and a user must keep reentering password characters until the user finally enters the character (or password information) correctly. For example, if there are many different password entry rules, such as password length, nonredundancy of certain characters, capital letter character requirements and other requirements, a system typically will only notify the user of the first rule in the list that has not been met although many rules may not have been met by the user. Hence the user has to repetitiously correct the entry of password character information iteratively to satisfy the next rule on the list.
Moreover, conventional initial password entry systems typically do not perform the password character and rule comparison until after the system receives password entry complete data, such as when a user hits the keyboard button or GUI button after the user believes that a password has been entered. As such, a user does not know that the password may have been improperly entered until after the user notifies the system.
Such problems become compounded when password rule data is configurable, such as in a system entitled "A Computer Network Security System and Method Having Unilateral Enforceable Security Policy Provision" described in co-pending Patent Application No. 08/986,457, filed Dec. 8, 1998 and assigned to the instant assignee. In such systems, a central authority may designate through a signed certificate the password rules that the system requires for every user in the system on a per user per application or per user class basis. These rules may be changed frequently by a security manager or other personnel, on a per user basis or other suitable basis. As such, the rules continually change. It can be difficult to keep track of dynamically changing password rule requirements.
Consequently, a need exists for a system and method for facilitating password generation or initial password entry that provides a continuous evaluation of password character data entry and dynamically generates failed rule information for a user so that the user need not wait until a password is completely entered to be informed that the password has been improperly entered. In addition, it would be desirable if such a system allowed the use of configurable rule data so that if password entry rules are changed, the system automatically accounts for the rule changes without user intervention. It would also be desirable if such a system and method had flexibility in allowing the continuous evaluation and dynamic generation of rule data compliance on a variable character length basis.
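The contrast drawn above, between reporting only the first unmet rule at entry completion and reporting every unmet rule after each character against configurable rule data, is shown in the following added example, which is not part of the original document. The rule identifiers, the RULES structure and all function names are assumptions made for illustration.

```python
# Added illustration. Rule names, RULES layout and function names are
# hypothetical; they are not taken from the original text.

# Configurable rule data: editing this list changes what is enforced
# without touching the evaluation code.
RULES = [
    {"id": "min_length", "param": 8, "text": "at least {n} characters"},
    {"id": "uppercase", "param": 1, "text": "at least {n} capital letter(s)"},
    {"id": "digit", "param": 1, "text": "at least {n} number(s)"},
    {"id": "max_run", "param": 2, "text": "no character repeated more than {n} times in a row"},
]

def _longest_run(s):
    """Length of the longest run of one repeated character."""
    best, run, prev = 0, 0, None
    for ch in s:
        run = run + 1 if ch == prev else 1
        best, prev = max(best, run), ch
    return best

CHECKS = {
    "min_length": lambda pw, n: len(pw) >= n,
    "uppercase": lambda pw, n: sum(c.isupper() for c in pw) >= n,
    "digit": lambda pw, n: sum(c.isdigit() for c in pw) >= n,
    "max_run": lambda pw, n: _longest_run(pw) <= n,
}

def failed_rules(entry, rules=RULES):
    """Every rule the current (possibly partial) entry does not satisfy."""
    return [r["text"].format(n=r["param"]) for r in rules
            if not CHECKS[r["id"]](entry, r["param"])]

def first_failed_rule(entry, rules=RULES):
    """Conventional behaviour: only the first unmet rule is reported."""
    failed = failed_rules(entry, rules)
    return failed[0] if failed else None

def feedback_per_keystroke(keystrokes, rules=RULES):
    """Re-evaluate after each character, before any 'entry complete' signal.

    Returns (characters entered, unmet rules) pairs; the entry itself is
    never echoed back in the feedback.
    """
    entry, out = "", []
    for ch in keystrokes:
        entry += ch
        out.append((len(entry), failed_rules(entry, rules)))
    return out
```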