The use of passwords is one of the most common techniques for authenticating users to computer systems. Traditionally, passwords play a central role in securing such systems. Unfortunately, passwords are generally one of the easiest security mechanisms to defeat.
One of the factors influencing the strength or robustness of a password authentication mechanism is the strength of the password itself. For example, many “easy to remember” passwords, e.g., a person's birth date or favorite color, can generally be easily determined by an adversary. Other common passwords are susceptible to dictionary-based attacks, in which an automated program attempts all of the words in a dictionary as a password. The conventional art is replete with methods to enhance the security of password-based authentication. For example, “strong” passwords, e.g., passwords that are difficult to guess, can be created by automated software and provided to users.
Unfortunately, due in part to the complexity of password-based access control, and influenced by the myriad techniques available to enhance such controls, the realization of password-based access controls is frequently a hodge-podge of policies implemented inconsistently across a computing environment, e.g., an enterprise computing system. For example, a director of information technology may decree that certain password-related policies are to be used within an enterprise. However, there is generally not a method or system for effectively distributing, enforcing and implementing such policies throughout the enterprise. For example, implementation and enforcement of such policies are often left to various individual system administrators having physical control of different computing assets.
Thus, a need exists for methods and systems for establishing a consistent password policy. A further need exists for establishing a consistent password policy in enterprise-scale computer systems. A still further need exists to meet the previously identified needs in a manner that is complementary and compatible with conventional computer system operations.