Passwords are a commonly practiced security measure that prevents unauthorized users from accessing computer systems as well as identifying authorized users during an access. However, unauthorized users have used a variety of measures to ascertain the passwords of authorized users.
Once an unauthorized user has obtained an authorized user's password, the unauthorized user can access the computer system in the same manner as the authorized user. Often times, the unauthorized user accesses the computer system for malicious purposes. The activity of the unauthorized user is generally not detected until significant damage or disruptions have occurred.
Requiring authorized users to change their passwords at regular intervals can curtail, at least to some extent, the activities of unauthorized users. However, the regular interval time period is usually several weeks or months. During this time period, an unauthorized user can cause significant damage and disruption. Even if the user changes password daily, it could still not be effective to inhibit unauthorized user to do significant damage and disruption for that duration.
As a result, some computer systems use a time varying randomly generated password for each authorized user. The administrator of the computer system provides each authorized user with a device. The device includes a pseudo-random number generator that generates a code at relatively short time intervals, such as every minute. The computer system is also equipped to determine the pseudo-random number at a given time. When the authorized user seeks to access the computer system, the authorized user uses the code generated and displayed by the device as the password.
The foregoing provides for quickly changing passwords that are valid for short times. Accordingly, even if an unauthorized user does obtain a password, the password is valid for a very short time period. This significantly curtails the damage that an unauthorized user can do.
One of the well known disadvantages is associated with providing such device to an authorized user. Given the global reach of the internet, in many cases the device has to be delivered to the user via courier or mail. This can delay initial access by authorized users by several days. Additionally, when sending the device by mail, it is possible for an unauthorized user to intercept the device.
Further limitations and disadvantages of convention and traditional approaches will become apparent to one of ordinary skill in the art through comparison of such systems with the present invention as set forth in the remainder of the present application with reference to the drawings.