Passwords are used to gain access to software applications, bank vaults and a litany of other sources or processes. In computer systems, telecommunication systems and other systems, password entry interfaces are used that typically prompt a user to enter a password to gain access to protected information, products, or any other protected sources. Where password entry interfaces are implemented through software programs, such as graphic user interfaces, DOS based password prompts or similar password entry interfaces, there is typically no way for a user to know they are about to type a password into a real program or a malicious program designed to mimic the real program. For example, where a password entry interface is employed using a graphic user interface to allow a user to gain access to a cryptographic security engine on a network, information over the Internet from a Web page, or any other suitable source, a Trojan horse program, or other malicious program, can attempt to mimic the password entry interface thereby allowing an unscrupulous party to obtain a given password. The password may then be used to break into protected sources. In the context of a computer system, when the password is stolen, a hacker can gain access to the computer system and highly confidential information.
Typical password entry interfaces may include, for example, a Windows-based graphic user interface dialog box known to be used by many software applications and operating systems. These dialog boxes typically include a field for a user's name and other field for the user to enter a password or other information via a keyboard or other biometric input device, such as a thumb print, retinal scan information, or other suitable biometric input to be used as a password. However, such password entry interfaces are typically static in nature and relatively easy to mimic by a malicious program. In addition, the interfaces are typically the same for all users for a given software application, or operating system. As a result, a malicious program may be inadvertently downloaded through e-mails, or other communications without a user's knowledge.
Also, it is generally known to provide three dimensional rotating symbols during, for example, an encrypted Internet session, to show that an encrypted session is in progress. Such three dimensional rotating symbols may appear, for example, in a Web browser when a secure session has been set up between a Web browser and a Web server. However, such known systems typically provide a static password entry interface that can be readily mimicked by a malicious program.
Consequently, there exists a need for a method and apparatus that facilitates prevention of a mimicking of a password entry interface so that a user can detect that a malicious program is attempting to steal and enter the password.