Password violations are a major cause of security breaches in computer systems. In particular, poorly chosen or inadequate passwords are the major cause of computer security breaches. Generally, a password for accessing network and personal computers is chosen because the password is easy to remember. However, one major reason for password system failures is that users are liable to forget the password. This fact encourages a user to write down the password or select a password that will be easy to remember. Simple passwords that are easy to remember are also easy to figure out. When a user writes down the password, the password may be seen by others. This increases the potential for compromising the security of a password-protected system.
Companies that develop software have procedures that may also compromise passwords. Because purchasers and users of a particular software application tend to forget passwords, software companies provide a “backdoor” in the software application. The term “backdoor” refers to a method for bypassing a specific password entry into the software. The purpose of this customer service is to allow the software company to access its software application without a password. However, this “backdoor” also exposes the computer system to unauthorized entry.
A network operating system usually has a master password that enables a network manager to open any file on the network. This presents a weakness on network systems. When a network manager leaves a company under less than happy circumstances, the former network manager may insert his or her own backdoor entry into the system for later access. The existence of backdoors is widely known in the computer industry. The search for possible backdoors is a primary line of attack against computer security.
An additional problem with “password secured” computer systems is the already large and growing threat from “hackers.” Originally, the term “hacker” meant a computer programmer with little or no formal training. The current popular definition of a hacker refers to individuals who gain unauthorized access to computer systems for the purpose of stealing and/or corrupting data. Hackers are known for breaking into supposedly secure computer systems and playing havoc with web sites, credit card accounts, internal databases, etc. Many of the Internet or online sites that have been hacked were once thought to have been relatively secure.
Among many tools that hackers use is a so-called “war-dialing” program that operates online and automatically scans thousands of telephone numbers to identify systems that are available for hacking. This includes Digital Subscriber Line (DSL) systems or cable online systems, which are particularly vulnerable because of their continuous connection to the Internet. After finding potential targets, the hacker will likely bring into play many software tools to break into the target system.
Hacker software tools also include programs that try many combinations of numbers and letters over a set period of time in an attempt to compromise a password-protected system. A very effective approach is a “dictionary attack” application. On some operating systems, as each letter or number is presented by the hacker, the letter or number is confirmed by the system as right or wrong. This serial confirmation sequence makes the dictionary attack program a strong hacker tool. However, on other operating systems, the password must be completely entered correctly before confirmation is supplied by the system. This may slow down the password discovery process but, with time, the hacker's computer can eventually present a correct password to the target computer system.
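The gap between per-character confirmation and whole-password confirmation described above can be measured. The following is an added example, not part of the original text; the two verifiers, the 36-symbol alphabet, and the failure cap are assumptions made for illustration.

```python
import hmac
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed 36-symbol alphabet

def leaky_verify(secret, guess):
    """Weak design: reports how many leading characters were confirmed."""
    n = 0
    for s, g in zip(secret, guess):
        if s != g:
            break
        n += 1
    return n

class AtomicVerifier:
    """Hardened design: a single accept/reject answer for the whole password,
    constant-time comparison, and a cap on failed attempts."""
    def __init__(self, secret, max_failures=5):
        self._secret = secret.encode()
        self._left = max_failures

    def verify(self, guess):
        if self._left <= 0:
            return False  # locked out: even the right password is refused
        ok = hmac.compare_digest(self._secret, guess.encode())
        if not ok:
            self._left -= 1
        return ok

def calls_needed_with_leak(secret):
    """Count verifier calls used when each position is confirmed separately."""
    known, calls = "", 0
    while len(known) < len(secret):
        for ch in ALPHABET:
            calls += 1
            if leaky_verify(secret, known + ch) > len(known):
                known += ch
                break
        else:
            raise ValueError("secret uses a symbol outside ALPHABET")
    return calls

def worst_case(length, per_character):
    """Upper bound on guesses: N*L with per-character confirmation, N**L without."""
    n = len(ALPHABET)
    return n * length if per_character else n ** length
```

For a four-character password the per-character design is bounded by 144 guesses, against 1,679,616 when only the complete password is confirmed, and the failure cap removes even that budget.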
Therefore, a need exists in the art for an apparatus and method to provide password protection for a computer system. In particular, there is a need in the art for an apparatus and method that is capable of providing virtually hacker-proof protection for an online computer system.