1. Field of the Invention
The present invention relates to a method and apparatus for authenticating a password, and more particularly, to a technology of indirectly authenticating a password by using a variable password.
2. Description of the Related Art
A system including user information should only allow access of a permitted user, and a technology of determining whether access is tried by a permitted lawful user is called a user authentication technology. Such a user authentication technology is widely used to secure logging into an internet website, internet banking, and a user terminal. Also, recently, according to increased supplies of user terminals, such as laptops, smart phones, and tablet personal computers (PCs), an authentication process is frequently performed by using such user terminals in public places.
However, a general user authentication technology using a personal identification number (PIN) is weak against shoulder surfing or a recording attack by a third person, or a spyware/key logger attack since a password of a user is exposed as it is. Consequently, a method of preventing a key logger attack by randomly disposing password numbers has been suggested, but even by using this method, the password may still be exposed via shoulder surfing or a recording attack.
A technology of dividing an image into a plurality of cells and authenticating a password by replacing a cell at a predetermined location with the password has been introduced as a general method of authenticating a user in a mobile terminal. This technology has improved security with respect to a password exposure since a PIN input method is replaced, but the location of the predetermined cell may still be exposed to a third person. A background technology of the present invention is disclosed in KR 10-2009-0016934 published on Feb. 18, 2009.