Want to block common passwords? Sorry, this is patented.
According to Western statistics from two years ago, 4.7% of users choose the word “password” as their password, 8.5% choose either “password” or “123456”, and the 10 most popular passwords cover 14% of the entire user base (the top 100 cover 40%, the top 500 cover 79%, and the top 1000 cover 91%).
When creating a site, it would be quite logical to compile a list of commonly used passwords and prohibit them during user registration. It seems like an obvious idea, but unfortunately the authentication process in IT is covered by many patents, writes IT security consultant Mark Burnett. They describe the most obvious, well-known and ordinary techniques. It seems that absolutely every aspect of choosing a password, the authentication process, and storing and restoring information is protected by one or more patents.
- Access control system for a secure system by checking
- Specifying a set of restricted passwords
- Preventing trivial character combinations
- Password strength check method and apparatus
- Proactive password validation method and system
- Method, system and storage environment for determining trivial character combinations in proposed passwords
- Apparatus and method for determining password quality and diversity
And this is only one aspect of using passwords. There are also patents on the recovery of forgotten passwords, safe password reset, the use of one-time passwords, account lockout, the generation of pronounceable passwords, password hints and even backup passwords (backdoors from the manufacturer). Lawyers could even argue that this patent describes the very essence of the password itself, were it not for prior art in literature, namely the fairy tale about Ali Baba (“Open, Sesame”).
It is amazing how clever entrepreneurs managed to register such a large number of patents on this subject. Most likely they should never have been granted at all. It is fine if they belong to large corporations like IBM, which probably will not sue every small company. But what if patent trolls get to work?
This is a good example of how patents directly harm the information security of computer systems, and therefore all users.
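
The registration-time check described above (refusing passwords that appear on a common-password list, plus trivial character combinations), as an added example that is not from the article or from Mark Burnett. The five-entry list, the function names and the suffix and run heuristics are assumptions made for illustration.

```python
import unicodedata

# Constructed sample list; a real deployment would load the top 1000 or more from a file.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

def normalize(candidate: str) -> str:
    """Fold case and Unicode compatibility forms so look-alike variants compare equal."""
    return unicodedata.normalize("NFKC", candidate).casefold()

def is_trivial_run(s: str) -> bool:
    """True for one repeated character or a +1/-1 code point run (aaaa, abcdef, 9876)."""
    if len(s) < 2:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({0}, {1}, {-1})

def rejection_reason(candidate: str, blocklist=COMMON_PASSWORDS):
    """Return why a proposed password is refused at registration, or None if accepted."""
    norm = normalize(candidate)
    if norm in blocklist:
        return "common password"
    # A blocklisted word with digits or punctuation tacked on, e.g. "Password1!".
    stem = norm.rstrip("0123456789!@#$%^&*?.")
    if stem and stem in blocklist:
        return "common password with trivial suffix"
    if is_trivial_run(norm):
        return "trivial character combination"
    return None

if __name__ == "__main__":
    for pw in ["123456", "Password1!", "aaaaaaaa", "correct horse battery staple"]:
        print(repr(pw), "->", rejection_reason(pw) or "accepted")
```

The comparison runs on the normalized form only; the password that gets hashed and stored is the one the user typed.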