Bank customers using an automated teller machine (ATM) generally enter a four-digit numerical personal identification number (PIN), hereafter called a password, to access their bank account or conduct banking transactions. Banks assign the password to the customer when an account is opened. The password might never change for as long as the customer owns the account. A short numerical password is easy for the customer to remember, but is also easy to steal. Thieves can steal the customer's password by watching as the customer enters the password. Thieves can then use the stolen password to gain unauthorized access to the customer's bank account.
One solution to prevent theft of a password is to assign single-use passwords that expire after being used once. If a thief observes a customer using a singe-use password, the stolen single-use password is useless for accessing the customer's bank account, because the single-use password expires after being used by the customer. Assigning single-use passwords presents logistical and practical challenges. The bank needs an efficient method of distributing the single-use password. The customer needs a way to remember the single-use password. The method of distribution and the way of remembering needs to be secure, to preserve the secrecy of the single-use password.
One known method of assigning single-use passwords is to use a rotating code on compact electronic display device. The rotating code corresponds to a rotating code on the bank's computer system, such that the rotating code on the compact electronic display matches the rotating code on the bank's computer system. A problem with this method is that if the compact electronic display is lost the customer cannot access the account. If the compact electronic device is stolen, the customer cannot access the account, but the thief can. A need exists for a way to provide a customer, or any user of computerized passwords, with a unique, single-use password that is hard to steal, but easy for the customer to remember.