Several techniques for protecting the data in computer systems have been utilized. The most common technique is to prevent unauthorized user access by providing authentication and access control through the use of a password. A password typically consists of a sequence of letters, numbers, and/or special characters. Passwords are often used to verify the identity of a user before granting access to computer systems, web pages, e-mail, files, or software programs.
Unfortunately, users frequently choose words that are familiar to them as their password. Thus, these easily detected passwords can compromise the security of a computer system. High speed communications, increased network capabilities and high performance processors can enable a “cracker” program, a computer program used for breaking security on a computer system, to quickly determine a user's password. As a result, software programs that incorporate proactive password checkers, such as Microsoft's Passport, Mozilla's Personal Security Manager, John the Ripper and Pretty Good Privacy (PGP), have been developed to predetermine whether a user's proposed password will be vulnerable to cracking. Some of the methods used by proactive password checkers to determine a password's susceptibility to cracking include verifying if the password exists in a dictionary, checking the length of the password, and comparing the password to a permutation of the letters in the user's name.
As is well known, PGP uses public-key cryptography to encrypt and decrypt e-mails and files in order to prevent unauthorized access. Public-key cryptography uses two keys, a private key and a public key, for encrypting and decrypting data. When creating a private key, a password specified by the user is assigned to protect the key. An example of a “New Key” screen is shown in FIG. 1. The user can enter a password for the private key in the field 101. As each character is entered, the “Passphrase Quality” meter 102 proactively indicates to the user the level of quality of the password. However, PGP does not indicate to the user why the quality of their proposed password is high or low. In addition, PGP does not indicate to the user how to improve the quality of their proposed password without increasing the length of the password.
Examples such as these show that a need exists for an apparatus and a method to indicate to the user how to improve the quality a password.