1. Field of the Invention
This invention relates to the fields of computer program security, user access control, user interface methods, and online authentication, and more specifically to the field of password and personal identification number protection and management.
2. Background of the Invention
Many websites require users to supply a screen name or user name (“user ID”) and a user-specific password in order to authenticate the user and provide account security. Similarly, many application programs, such as word processors with password protected files, financial management software, and e-mail client programs also require a user ID and a password in order to access certain files and accounts.
In many cases, the password is generated by the supplier of the service or the application program itself. In such cases, the user may or may not be able to modify that password to be something easily remembered. This can result in a single user having many different user names and passwords, each of which is associated with a single web site or application program.
In situations where the user is provided the capability to define his or her own password, it is unwise to use a common password for all of his or her access points for web sites and application programs. For example, if an online financial or stock tracking website requires a user to set a password, it would be unwise for that user to use the same password as he may use for his online banking personal identification number (PIN) or other passwords for other programs and websites, as that password is supplied to the operator of the website and would allow the operator of that website to potentially access his or her other accounts.
Therefore, it remains extremely common for users to have a multitude of passwords, each of which is associated with a different user ID and a different application program or website.
However, it quickly becomes unwieldy for a user to remember all the different user IDs and passwords associated with all the different application programs, accounts, and websites. So, many users keep track of their user IDs and passwords in a written form, such as writing them on a sheet of paper kept in their desk, or by entering them in a word processor or data file in their personal digital assistant (“PDA”) or personal computer (“PC”).
This approach, though, can cause a security problem in that the piece of paper may be found by an unauthorized user, resulting in unauthorized access to the user's programs and online accounts. The piece of paper can be lost, too, causing unnecessary difficulty to the user in getting new passwords assigned to his or her account. If a user stores his or her passwords in a computer file on a PDA or PC, he may password-protect that file to provide some security, but may find this file is not available as easily as the paper copy in that he must have access to the appropriate platform, a PC or PDA, and the appropriate application program, such as a word processor, to open and view the file.
One attempt at solving this problem is the web form “auto-complete” feature of Microsoft's Internet Explorer™ (“IE”). Using this auto-complete feature, users can automatically complete or fill in fields in web forms based on previously defined data which is stored by Internet Explorer on the user's local computer. Potentially, this feature can be used to memorize and enter a password field in a website form, thereby relieving the user of having to remember the password for that form or website. In essence, though, this feature circumvents the security of the form's authorization and authentication process because the auto-complete feature of Internet Explorer™ does not require a password to operate it. So, any person who has access to the user's computer, and therefore access to the user's auto-complete memorized data file, may use Internet Explorer™ to auto-complete a form, such as a log-on sequence, and subsequently access the user's online accounts and files.
Another attempted solution to this problem has been provided by Intuit's Quicken™ application program, which provides financial management functions such as checkbook balancing, check tracking and online bill payment. Since users may have several different bank accounts and several different online payment accounts, Quicken provides a “PIN vault” which is activated automatically during various online transactions conducted via the program which require the entry of a user or account password. A user may configure multiple passwords in the PIN vault, and then use a single password to allow Quicken to automatically enter each password specific to the online transaction being performed.
While this approach provides for enhanced security of the PIN vault contents and convenience to the user, this function is tightly coupled to the Quicken application program itself (e.g. it is a native function of Quicken). As such, the PIN vault is not usable or accessible by other application programs, such as a general purpose web browser. This, then, may lead the user to resort to the older methods of writing down all of his or her passwords and user IDs, or storing them in a computer file.
Therefore, there is a need in the art for a system and method which provides a centralized, secure password storage facility, with quick and easy user access to those passwords without circumventing security measures such as log-on procedures. Additionally, there is a need in the art for this new system and method to provide user password accessibility across applications, web sites and web forms instead of being usable only for specific applications or websites, in order to increase its usefulness and efficiency.