Web resources a server system having access to a network increasingly provide access to interfaces that must be protected from unauthorized use. Typical security on such user interfaces is provided by a password or “personal identification number (PIN) that must be provided to the user interface via an input device prior to further access by an individual (or in some instances another machine) accessing the interface.
The level of security provided by a “weak” password or token such as a password or PIN is generally related to its length and arbitrariness. However, the same factor is also determinative of the difficulty for a human to remember the password. Also, the number of possible password element values, e.g., just digits versus digits plus letters is generally made larger to improve security, but the input set size increase is generally either thwarted by use of common words or numbers within the total possible space of values.
Two-dimensional textual or graphical hint systems have been proposed, from systems that actually display the password in a form such as a “hidden word” puzzle to systems that use a randomized arrangement of icons that must be selected in order or a particular arrangement of icons that must be selected in a pattern in order to satisfy password entry. All of the above systems have an advantage in that they are not easily overcome by mere repetitive machine input.
However, all of the above systems may reveal their underlying password eventually through human observation, especially when the underlying password hiding mechanism is known. For example, if it is known that the password hiding mechanism is a particular arrangement of icons that must be selected in a pattern, an observer can ignore the actual icons and merely note the pattern.
Therefore, it would be desirable to provide a method and system for hiding passwords in a display that cannot be easily discovered through observation of entry patterns and values and which is communicated to the user in a secure manner.