Showing papers on "Password strength published in 1990"

Non-interactive password authentications without password tables

Abstract: The authors propose a noninteractive password authentication scheme. The scheme simply discards the use of verification tables. The legitimacy of the login user can be validated easily by anyone inside the system. However, no one can masquerade as a legitimate user even though he intercepts the previous login password. The security of the scheme is equivalent to that of Shamir's signature scheme. It can withstand the attack of replaying a previously intercepted login request. >

Power-on password functions for computer system

Abstract: A power-on password security function for a digital computer system allows the system software to distinguish between authorized and unauthorized users. Safeguards are made against corruption of password data which could lead to lock-out authorized users, and redundant checks allow the security function to operate even when first-level checks fail. The battery-powered RAM storage area used to hold the password when the system is turned "off" is protected against being accessible by unauthorized users when the system is turned "on".

System for controlling access to a secure system by verifying acceptability of proposed password by using hashing and group of unacceptable passwords

Abstract: Methods and apparatus for verifying the acceptability of a password proposed by a user of a secure system. The system stores a compressed version of a group of unacceptable passwords in a table of indicators. A mapper assigns indicators to passwords, such that more than one password may be mapped to a indicator. To initialize the system, an initializer applies the mapper to each unacceptable password of the group, and sets the indicators of the table that are assigned to each unacceptable password. Subsequently, a verifier applies the mapper to a proposed password and checks whether the indicator assigned to the proposed password is set. If the indicator is not set, it is determined without error that the proposed password is not in the group of unacceptable passwords, and may thus be assigned privileges in the secure system.

Password protected device using incorrect passwords as seed values for pseudo-random number generator for outputting random data to thwart unauthorized accesses

Abstract: An electronic key which includes a pseudo-random number generator. If the correct password is received, the contents of a secure memory will be outputted by the electronic key. However, if an incorrect password is received, that password will be used as a seed value for the pseudo-random number generator, and the resulting value will be outputted. Thus, if a copier exercises the key through all possible passwords, the incorrect passwords, as well as the correct password, will result in the same output data every time it is tried.

Password security method

Abstract: Disclosed is a password security method in a man-machine system for keeping the secrecy of a password during a setting process of the system. To keep not only the secret of the password but also the presence of the password from unauthorized users, the method comprises a prompt displaying step for prompting to enter an equipment name and not prompting to enter the password; a password discriminating step to discriminate whether or not a correct password is entered; a step for entering a normal mode when the correct password is not detected; and step for entering a password mode when the correct password is detected.

When A Password Is Not A Password

Abstract: Single-factor password technology is not appropriate in today’s networked environment. Powerful workstations, file servers, and remotely accessible mainfraimes require new high tech computer security solutions. Often, the technologies available and the reasons for them are not well understood. This presentation focuses on the less obvious vulnerabilities of information systems and the philosophy and technology behind two-factor identification, authentication, and access control systems; and how they can be technically overlaid for implementation in existing environments. The theoretical issues associated with using ignition keys stored in tokens versus transmitting them in both clear text and encrypted form are discussed.

The Characteristics of User-Generated Passwords

Abstract: : The most widely used mechanism for access control to information systems is passwords. Passwords can be machine-generated using a list of words stored in a memory bank, machine-generated using a sophisticated algorithm to create a pseudo-random combination of characters or they can be user-generated. User-generated passwords typically take on the characteristics of some type of meaningful detail that is simple in structure and easy to remember. Memorability and security pose a difficult trade-off in password generation. A system security administrator wants passwords that are unpredictable, frequently changed and provide the greatest degree of system security achievable while users want passwords that are simple and easy to remember. When they become difficult to remember they are likely to be written down. Once written down a compromise to security occurs because users tend to store them in insecure places. This thesis looks at user-generated password characteristics. Of particular interest is how password selection, memorability and predictability are affected by the number of characters in a password, the importance and sensitivity of a user's data, a user's work location, how a password was chosen, the frequency of changing a password and the frequency of logging on to a system with a password. Theses.

Password change management system

Abstract: PURPOSE:To improve the effect of security protection of a password by updating a password management file in accordance with information set in the password management file while referring to the log-in name of one who desires to change a password, data of change of the password, and the changed password set out in the password management file. CONSTITUTION:A password change file setting command is input in the present system to activate a password management file setting function 2. A date of change of a password and the changed password are inputted from a terminal 1, and a logged-in name is set in a corresponding password change file 3. After completing the operation, when on the day of the completion of the operation or a later date a machine power-on signal 4 is issued, a password updating function 5 acts to compare a machine calendar 6 and all log-in names with date of change of a password in the pass word change file 3, and for a day before the machine calendar 6, a password corresponding to a relevant log-in name of a password management file 7 is updated to a changed password of the password change file 3 corresponding to each password. With this, the effect of security protection of password can be enhanced.

A security system

Abstract: A security system for controlling access to property having a user operated keyboard to key in and reset a composite password code. An indicator visually displays at least one code symbol varying with time. A memory device stores a current composite password code including at least two code symbols so that upon entry of the keyed-in password code through the keyboard, one of the stored password code symbols is replaced directly by the time varying code symbol to form a regenerated, composite password code which is then compared with the keyed-in password code to grant acess to the property when coincidence occurs between the keyed-in and the regenerated password codes. In response to non-­coincidence, an alerting signal is generated to indicate the incorrect password condition.

A comparison of password techniques

Abstract: : A widely used access control mechanism is the password. Passwords are normally composed of a meaningful detail, such as a name of a person or a sequence of numbers such as birthdate. Any person attempting to gain unauthorized access to a system might need only to look at a personnel record or associate with the person holding the desired password in order to discover the password. Therefore, there is a compromise between user memorability and security of a system. Exploration into other methods of user authentication and access control is desired to discover a better alternative to the traditional password system. The alternative are system-generated passwords, pronounceable passwords, passphrases, cognitive passwords and authentication by word association. These methods are discussed and examined. The results from this study show that cognitive passwords and authentication by word association are superior to other methods in access control. Keywords: Information System Security, Authentication, User Identification.