CN108268761B - Password verification method and device - Google Patents
Password verification method and device Download PDFInfo
- Publication number
- CN108268761B CN108268761B CN201611266070.7A CN201611266070A CN108268761B CN 108268761 B CN108268761 B CN 108268761B CN 201611266070 A CN201611266070 A CN 201611266070A CN 108268761 B CN108268761 B CN 108268761B
- Authority
- CN
- China
- Prior art keywords
- password
- current
- verified
- transformation function
- original
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Telephone Function (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a password verification method and a password verification device, wherein the password verification method comprises the following steps: acquiring the input times of a password to be verified, wherein the password to be verified is a password which is not matched with the current password; judging whether the input times exceed a judgment threshold or not to obtain a judgment result; and when the judgment result is yes, obtaining a replacement password for replacing the current password so as to take the replacement password as the current password. Through the technical scheme provided by the invention, the difficulty of brute force cracking can be increased, and the technical effect of improving the password security is further achieved.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a password authentication method and apparatus.
Background
With the development of current network and terminal technologies, passwords become common authentication modes for login and access, for example, login of a network server and terminal equipment, login of a website and a mailbox, access of a wireless local area network, and the like, and the passwords need to be input to obtain access rights. For static passwords, at present, the passwords can be cracked within a certain time through brute force cracking, so that malicious persons illegally obtain access rights, and the rights and interests of authorized users, namely legal users, are damaged.
In the prior art, there are two main solutions for brute force cracking. Firstly, a verification code mode is mainly adopted for website applications to increase the difficulty of cracking, but at present, a program capable of automatically reading the verification code exists, if the verification code is not complex enough, the password can still be cracked, and meanwhile, the verification code can also be failed by bypassing the verification code or learning and identifying functions. The second is account locking, but in this scheme, once an account is locked, even a legitimate user cannot use the account, only an administrator can re-enable the account, which brings inconvenience to the user. Even if the existing realization mode is locking for a short time, unlocking is carried out to recover the normal state after the locking time is exceeded, in the mode, the password cracking time is only prolonged, and the probability of password cracking is not fundamentally reduced.
Therefore, the password of the electronic equipment in the prior art has the technical problem of low security.
Disclosure of Invention
The embodiment of the invention provides a password verification method and a password verification device, which are used for solving the technical problem that the password of electronic equipment in the prior art is low in safety so as to achieve the technical effect of improving the password safety.
A password authentication method, comprising:
acquiring the input times of a password to be verified, wherein the password to be verified is a password which is not matched with the current password;
judging whether the input times exceed a judgment threshold or not to obtain a judgment result;
and when the judgment result is yes, obtaining a replacement password for replacing the current password so as to take the replacement password as the current password.
A password authentication device comprising:
the password verification device comprises a first acquisition unit, a second acquisition unit and a verification unit, wherein the first acquisition unit is used for acquiring the input times of a password to be verified, and the password to be verified is a password which is not matched with the current password;
the first judgment unit is used for judging whether the input times exceed a judgment threshold or not and obtaining a judgment result;
and the second acquisition unit is used for acquiring a replacement password for replacing the current password when the judgment result is yes so as to take the replacement password as the current password.
The invention has the following beneficial effects:
in the embodiment of the invention, when the password to be verified is an error password, the input times of the password to be verified are obtained, and when the input times exceed the judgment threshold, the replacement password for replacing the current password is obtained to be used as the current password. Therefore, the technical scheme provided by the embodiment of the invention can effectively solve the technical problem of low security of the password of the electronic equipment in the prior art, so as to achieve the technical effect of improving the security of the password.
Further, in the embodiment of the present invention, a correspondence between the transformation function and time is obtained; and calling a current transformation function corresponding to the current moment based on the corresponding relation. That is, in the technical scheme, the transformation function changes along with the change of time, so that the situation that the same transformation function is adopted for a long time is avoided, and the current brute force cracking program is difficult to effectively track the transformation function, so that the probability of cracking the password can be further reduced through the technical scheme provided by the invention, and the technical effect of further improving the password security is further achieved.
Further, in the embodiment of the present invention, synchronization information is generated, where the synchronization information at least includes identification information for characterizing the current transformation function; and synchronizing the synchronization information to the electronic equipment or other electronic equipment connected with the electronic equipment so as to calculate the current password after the electronic equipment or other electronic equipment acquires the original password and the current random value input by the user. In other words, in the embodiment of the present invention, after the current password is replaced, synchronization information is generated, and the identification information of the current transformation function is synchronized to the electronic device or other electronic devices through the synchronization information, so that a user can obtain the current password through the electronic device or other electronic devices based on the original password, the current random value, and the current transformation function, and log in an account through the current password, thereby preventing the user from being unable to continue to use the account without knowing the transformed current password, and further achieving a technical effect of improving user experience.
Further, in the embodiment of the present invention, if the password to be verified passes verification, it is determined whether the password to be verified has a flag bit; the flag bit is used for representing that the current password is a replaced password; and if the password to be verified is provided with the zone bit, restoring the current password into the original password. That is, in the technical scheme, when the password to be verified passes the verification and the current password matched with the password to be verified is the replaced password, the current password is restored to the original password, so that the user can still freely use the password set before, the use of the password which is unfamiliar with the user is avoided, and the technical effect of providing better experience for the user is further achieved.
Drawings
Fig. 1 is a flowchart illustrating a specific implementation of a password authentication method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a password verification apparatus according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a discovery apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to achieve the purpose of the invention, in the embodiment of the invention, when the password to be verified is an error password, the input times of the password to be verified are obtained, and when the input times exceed the judgment threshold, the replacement password for replacing the current password is obtained, so that the replacement password is used as the current password. Therefore, the technical scheme provided by the embodiment of the invention can effectively solve the technical problem of low security of the password of the electronic equipment in the prior art, so as to achieve the technical effect of improving the security of the password.
In one aspect
Referring to fig. 1, a password verification method provided in an embodiment of the present invention includes the following steps:
s101: acquiring the input times of a password to be verified, wherein the password to be verified is a password which is not matched with the current password;
s102: judging whether the input times exceed a judgment threshold or not to obtain a judgment result;
s103: and when the judgment result is yes, obtaining a replacement password for replacing the current password so as to take the replacement password as the current password.
The password verification method provided by the embodiment of the invention can be applied to the following application scenes including but not limited to:
1. device login, which exists in a variety of forms including but not limited to: a mobility communication device, such as: notebook computers, smart phones, etc.; or ultra-mobile personal computer devices such as: PAD, MID, etc.; or a server, or other devices with data interaction functions, which are not specifically limited in the embodiments of the present invention.
The device login specifically may be local login of the device or remote login through the device, and here, there is no need to exemplify one by one;
2. login of an application on a device, such as: the installed e-mail, chat software, shopping website, etc. on the aforementioned device, or other application programs, are not specifically limited in the embodiment of the present invention;
3. network access login of a device, such as: WIFI wireless networks, ZIGBEE wireless networks, etc., or other wireless networks, which are not illustrated herein.
In the embodiment of the present invention, step S101 is first executed: and acquiring the input times of the password to be verified, wherein the password to be verified is a password which is not matched with the current password.
In the embodiment of the present invention, as to the specific implementation process of step S101, the following steps are specifically included:
determining whether the password to be verified passes verification;
and if the password to be verified is not verified, acquiring the input times of the password to be verified.
In the embodiment of the present invention, the current password and/or the replacement password may be composed of numbers, characters, or both of numbers and passwords, or in other forms, which are not specifically limited in the embodiment of the present invention.
In this embodiment of the present invention, the current password may be an original password, that is, a password initially set by a user of the electronic device, or may be a replacement password of the original password, which is not specifically limited in this embodiment of the present invention.
In the specific implementation process, after the password to be verified is obtained, the password to be verified is matched with the current password, and when the matching is unsuccessful, the input times of the password to be verified, namely the input times of the wrong password, are obtained. In the embodiment of the present invention, the number of times of inputting the password to be verified may be the number of times of continuously inputting the wrong password, such as: the number of continuous inputs may be input within one day, may also be input within ten days, may also be input within fifteen days, and is not specifically limited in the embodiment of the present invention;
in the embodiment of the present invention, the input times of the password to be verified may also be the continuous input times of the wrong password within a preset time interval, such as: inputting for 5 times, 10 times or 15 times within 1 hour; the number of times of inputting the password to be verified may also be a combination of the two cases, and a person skilled in the art may select the password according to actual needs, which is not specifically limited in the embodiment of the present invention.
In the embodiment of the invention, before the input times of the password to be verified are acquired, whether the electronic equipment is in an enabling state or not can be determined, wherein when the electronic equipment is in the enabling state, the user is indicated to allow the current password to be replaced when the input times of the wrong password exceed the limit judgment threshold; when the electronic equipment is in the non-enabled state, the user is indicated that the current password is not allowed to be changed. Through the technical scheme, the user can set according to actual needs, the use habits of the user are better met, and the technical effect of improving the user experience is further achieved.
After step S101 is executed, step S102 is executed:
judging whether the input times exceed a judgment threshold or not to obtain a judgment result;
in the embodiment of the present invention, the determination threshold may specifically be a preset number of times of continuous input of an incorrect password, such as: 10, 20, or 30 times; or the preset error password is continuously input for times at a certain time interval, such as: inputting 10 times, 20 times or 30 times in 1 hour; or the input is performed 10 times, 20 times or 30 times for 2 hours, and the setting can be performed by a person skilled in the art according to the actual requirement; of course, the decision threshold may also be a combination of the two, and a person skilled in the art may set the decision threshold according to actual needs, which is not specifically limited in the embodiment of the present invention.
In the embodiment of the invention, the input times are compared with the judgment threshold to obtain the judgment result. In the specific implementation process, the input times of the password to be verified are continuous input times, the judgment threshold is continuously input for 10 times, when the input times of the password to be verified are 11 times, the password to be verified exceeds the judgment threshold, and the judgment result obtained at this time is yes; if the number of times of inputting the password to be verified is 5 and is lower than the judgment threshold, the obtained judgment result is no, and here, the example is not repeated.
In the specific implementation process, if the determination threshold is continuously input for 10 times, for example, in order to avoid frequent subsequent replacement of the current password, when the password to be verified is input for 11 times and exceeds the determination threshold, the count of the input times of the password to be verified is cleared, so as to enter the next round of judgment.
In the embodiment of the present invention, if the determination result is yes, step S103 is executed: and when the judgment result is yes, obtaining a replacement password for replacing the current password so as to take the replacement password as the current password.
In the embodiment of the present invention, specific implementation processes of step S103 include, but are not limited to, the following two implementation manners, which are described in detail below.
First implementation
Calling a current transformation function for transforming the current password;
and obtaining a replacement password for replacing the current password based on the current transformation function, the original password and the current random value, wherein the original password is a password set by a user.
In a specific implementation process, when the input number exceeds the determination threshold, a current transformation function for transforming the current password is called, which may be specifically represented as the following equation:
f(t)(orig,R)=Changed
in the embodiment of the present invention, the variable of the current transformation function is orig, i.e. the original password, R random value. In the embodiment of the present invention, R may be a random number, a random character string, or a combination of a random number and a random character string, and is not particularly limited in the embodiment of the present invention. In the specific implementation process, R is updated in real time each time the transformation function is called, so that the composition of the transformed replacement password is more random, and the difficulty of password cracking is increased.
And after the current transformation function is called, transforming the current password according to the current transformation function, the original password and the random value R to obtain a replacement password for replacing the current password.
According to the technical scheme, the current password is transformed through the current transformation function, so that the transformed password composition is more random, the probability of falling into a dictionary is reduced, the cracking difficulty is increased, the password security is correspondingly improved, and the information of a user is prevented from being stolen.
In the embodiment of the present invention, the calling the current transformation function includes, but is not limited to, the following two implementations, which are described below separately.
1. In the embodiment of the invention, in order to further reduce the probability of password cracking, in the specific implementation process, the following steps are carried out: calling a specific implementation process of a current transformation function for transforming the current password, comprising:
acquiring the corresponding relation between a transformation function and time;
and calling a current transformation function corresponding to the current moment based on the corresponding relation.
In the embodiment of the present invention, the transformation function may specifically be a set of functions, that is, different calling functions are corresponding to different time points, for example: 24 hours a day, in different time periods, the corresponding current transformation functions are different, such as: if the calculation is started from the zero point of one day, the current transformation function called at the time of nine am is f (9), and the current transformation function called at the time of afternoon is f (13), please refer to table 1.
TABLE 1
| Time of day | Transformation function |
| 00:00-01:00 | f(1) |
| 01:00-02:00 | f(2) |
| … | … |
| 09:00:10:00 | f(9) |
| … | … |
| 23:00-24:00 | f(24) |
In the embodiment of the invention, the transformation function changes along with the change of time, so that the situation that the same transformation function is adopted in a long period of time is avoided, and the transformation function is difficult to be effectively tracked by the existing brute force cracking program, therefore, the probability of cracking the password can be further reduced by the technical scheme, and the technical effect of further improving the password security is further achieved.
2. The invoking a current transformation function for transforming the current password comprises:
determining whether the call at the current moment is the first call within a preset range;
and if the password is called for the first time, calling a current transformation function for transforming the current password.
In the embodiment of the present invention, the predetermined range may specifically be whether the call at the current time is within a set call frequency range, for example: 5, 10 or 15 consecutive calls; or within a set time range such as: 09:00-10:00 or 10:00-11:00 or 13:00-15:00 or other predetermined time ranges, which can be set by one skilled in the art according to actual needs and are not particularly limited in the embodiments of the present invention.
In the specific implementation process, the predetermined range is a set time range, the set time range is 09:00-10:00 as an example, if the current time is 09:10, it is determined whether the call at the time is the first call within the set time range, and if the current call is the first call, the current transformation function is called.
If the call is not the first call, the call of the current transformation function is forbidden. In this case, the current password does not need to be transformed until polling reaches the next predetermined time range, and then the current transformation function is called to transform the current password.
Through the technical scheme of the embodiment of the invention, the randomness of the composition of the replaced password can be ensured, the difficulty of password cracking is increased, and the frequent updating of the current password can be avoided, so that the load of the electronic equipment is increased. Therefore, the technical effect of avoiding increasing the load of the electronic equipment while improving the password security is achieved.
In the embodiment of the present invention, a person skilled in the art may adopt any one of the above two implementations, or a combination of the above two implementations, such as: when the call at the current time is the first call within the set time range, the current transformation function corresponding to the current time is called, and the current password is transformed to obtain the transformed replacement password, which is not specifically limited in the embodiment of the present invention.
Second implementation
Acquiring a password table;
a replacement password for replacing the current password is randomly determined from the password criteria.
In a specific implementation process, the password table may be stored in a storage space of the electronic device in advance, and in order to save the storage space of the electronic device, the standard password table may also be stored in other electronic devices connected to the electronic device, and when it is needed, the standard password table is obtained from the other electronic devices.
In the embodiment of the invention, when the input times exceed the judgment threshold, the replacement password for replacing the current password is randomly determined from the password table, and the randomness of the replacement password is further increased.
For the above two implementations, one of ordinary skill in the art can perform any one of them or a combination of them according to actual needs, such as: the first time, the current password is transformed by calling the current transformation function to obtain the replacement password, and the second time, the replacement password different from the current password is selected from the standard password table, which is not specifically limited in the embodiment of the present invention.
Further, in this embodiment of the present invention, with respect to the first implementation manner, in order to enable the user of the electronic device to continue to use the account corresponding to the current password after the current password is changed, when the determination result is yes, after the replacement password for replacing the current password is obtained, the method further includes:
displaying a password input area for inputting a password on a display screen of the electronic equipment, and simultaneously displaying the current random value on the display screen so that a user can obtain the current password through the current random value and the original password.
In a specific implementation process, the current random value R is displayed on the display screen, after the user sees the current random value R, the user knows that the original password is replaced, and obtains the current password through a program for calculating the current password in the electronic equipment or other electronic equipment connected with the electronic equipment according to the original password and the current random value R displayed on the display screen.
Further, in this embodiment of the present invention, after the calling the current transformation function for transforming the current password, the method further includes:
generating synchronization information, wherein the synchronization information at least comprises identification information for representing the current transformation function;
synchronizing the synchronization information to the electronic device or other electronic devices connected to the electronic device, so as to calculate the current password after the electronic device or other electronic devices obtain the original password and the current random value input by the user.
In a specific implementation process, after a current transformation function for transforming the current password is called, synchronization information is generated, where the synchronization information at least includes identification information for characterizing the current transformation function, and the identification information may be a number, a character, or a combination of a number and a character, which is not specifically limited in the embodiment of the present invention.
Specifically, the identification information is, for example, a number, such as: the identification information of the transformation function f (1) is 1, and the identification information of the transformation function f (2) is 2, which is not illustrated here.
In the embodiment of the present invention, a user may obtain a current password through a program for calculating the current password on the electronic device, or may obtain the current password through a program for calculating the current password on another electronic device connected to the electronic device.
For the two schemes, after the synchronization information is generated, there are two situations for the synchronization of the synchronization information, specifically, if the current password is obtained through the program for calculating the current password on the electronic device, the synchronization information is synchronized to the program for calculating the current password in the electronic device. In obtaining the synchronization information, taking 1 as an example, the program may obtain the transformation function f (1) corresponding to the identification information 1, and then after obtaining the original password and the current random value input by the user, may calculate the current password.
And synchronizing the synchronous information to the program for calculating the current password in other electronic equipment connected with the electronic equipment after the current password is obtained through the program for calculating the current password in other electronic equipment connected with the electronic equipment. In obtaining the synchronization information, taking 1 as an example, the program may obtain the transformation function f (1) corresponding to the identification information 1, and then after obtaining the original password and the current random value input by the user, may calculate the current password.
Further, in the embodiment of the present invention, after the current password is calculated, for example, the user is prevented from forgetting to replace the password, and in a specific implementation process, the calculated current password may be sent to the user.
In an embodiment of the present invention, for the second implementation manner, after the current password is changed, in order to enable the electronic device user to continue using the account corresponding to the current password, after the obtaining a replacement password for replacing the current password when the determination result is yes, the method further includes:
and outputting prompt information on a display screen of the electronic equipment to prompt a user that the current password is replaced while displaying a password input area for inputting the password on the display screen.
For this situation, in a specific implementation process, after replacing the current password, the replacement password is replaced according to a preset manner, such as: and sending the current password to other electronic equipment connected with the electronic equipment according to a preset time interval so that the user can obtain the current password, namely the replacement password through the other electronic equipment.
Through the technical scheme, after the electronic equipment replaces the current password, the user of the electronic equipment can still be ensured to log in the account through the current password, so that the situation that the user cannot continue to use the account without knowing the changed current password is avoided, and the technical effect of improving the user experience is achieved.
In the embodiment of the present invention, the above part is a flow executed when the password to be authenticated does not pass the authentication, and the following describes a flow that needs to be executed when the password to be authenticated passes the authentication, specifically including the following steps:
if the password to be verified passes the verification, determining whether the password to be verified has a flag bit; the flag bit is used for representing that the current password is a replaced password;
and if the password to be verified is provided with the zone bit, restoring the current password into the original password.
In the embodiment of the present invention, according to the description of the execution flow when the password to be verified fails to be verified, when the current password is replaced, a flag bit is set for the replacement after replacement, that is, the replacement is used to represent that the current password is a replaced password.
In the specific implementation process, when the password to be verified passes the verification, it is first determined whether the password to be verified has a flag bit, such as: flag-c, 1, or 0, or a flag bit represented in another form. If the password to be verified has a flag bit, it indicates that the current password is a replaced password, and in this case, the current password needs to be restored to the original password, that is, the password set by the user. Specifically, the current password is 01a01, the original password is 10B10, for example, at this time, if the password to be verified is 01a01, and the current password is matched with the current password, the current password is restored to the original 10B10, which is the password initially set by the user, so as to facilitate subsequent use by the user.
Through the technical scheme, after the original password is replaced, the user inputs the new password to be verified again, and when the new password to be verified passes verification, the replaced password is recovered to the original password, so that the user can still freely use the password set before, the user is prevented from using the password which is unfamiliar with the user, and the technical effect of providing better experience for the user is achieved.
Second aspect of the invention
Based on the same inventive concept of the first aspect, please refer to fig. 2, an embodiment of the present invention further provides a password authentication apparatus, including:
a first obtaining unit 200, configured to obtain an input frequency of a password to be authenticated, where the password to be authenticated is a password that does not match a current password;
a first judging unit 201, configured to judge whether the input frequency exceeds a judgment threshold, and obtain a judgment result;
a second obtaining unit 202, configured to, when the determination result is yes, obtain a replacement password for replacing the current password, so as to use the replacement password as the current password.
Optionally, the second obtaining unit 202 is configured to:
calling a current transformation function for transforming the current password;
and obtaining a replacement password for replacing the original password based on the current transformation function, the original password and the current random value, wherein the original password is a password set by a user.
Optionally, the second obtaining unit 202 is configured to:
acquiring the corresponding relation between a transformation function and time;
and calling a current transformation function corresponding to the current moment based on the corresponding relation.
Optionally, the second obtaining unit 202 is configured to:
determining whether the call at the current moment is the first call within a preset range;
and if the password is called for the first time, calling a current transformation function for transforming the current password.
Optionally, the apparatus further comprises:
the first display unit is used for displaying a password input area for inputting a password on a display screen of the password verification device and displaying the current random value on the display screen at the same time so that the user can obtain the current password through the current random value and the original password.
Optionally, the apparatus further comprises:
a first generating unit, configured to generate synchronization information, where the synchronization information at least includes identification information used for characterizing the current transformation function;
a first synchronization unit, configured to synchronize the synchronization information to the password authentication device or another device connected to the password authentication device, so as to calculate the current password after the password authentication device or the other device obtains the original password and the current random value input by the user.
Optionally, the first obtaining unit is configured to 200:
determining whether the password to be verified passes verification;
and if the password to be verified is not verified, acquiring the input times of the password to be verified.
Optionally, the apparatus further comprises:
the first determining unit is used for determining whether the password to be verified has a flag bit or not if the password to be verified passes verification; the flag bit is used for representing that the current password is a replaced password;
and the first recovery unit is used for recovering the current password into the original password if the password to be verified is provided with the zone bit.
EXAMPLE III
Referring to fig. 3, a discovery apparatus according to an embodiment of the present invention includes:
a first receiving unit 300, configured to receive synchronization information sent by an electronic device connected to the discovery apparatus, where the synchronization information at least includes identification information used for characterizing a current transformation function; the current transformation function is used for transforming the current password of the electronic equipment to obtain a function of replacing the current password when the input times exceed a judgment threshold; the input times are the input times of the password to be verified which is not matched with the current password;
a first obtaining unit 301, configured to obtain the current transformation function based on the synchronization information;
a second obtaining unit 302, configured to obtain an original password and a current random value;
a third obtaining unit 303, configured to obtain the replacement password based on the original password, the current random value, and the current transformation function.
The above embodiments are only used to describe the technical solutions of the present application in detail, but the above embodiments are only used to help understanding the method and the core idea of the present invention, and should not be construed as limiting the present invention. Those skilled in the art should also appreciate that they can easily conceive of various changes and substitutions within the technical scope of the present disclosure.
Claims (16)
1. A method of password authentication, comprising:
acquiring the input times of a password to be verified, wherein the password to be verified is a password which is not matched with the current password;
judging whether the input times exceed a judgment threshold or not to obtain a judgment result;
when the judgment result is yes, obtaining a replacement password for replacing the current password so as to take the replacement password as the current password;
wherein the obtaining a replacement password for replacing the current password comprises:
calling a current transformation function for transforming the current password;
and obtaining a replacement password for replacing the current password based on the current transformation function, the original password and the current random value, wherein the original password is a password set by a user.
2. The method of claim 1, wherein said invoking a current transformation function for transforming the current password comprises:
acquiring the corresponding relation between a transformation function and time;
and calling a current transformation function corresponding to the current moment based on the corresponding relation.
3. The method of claim 1, wherein said invoking a current transformation function for transforming the current password comprises:
determining whether the call at the current moment is the first call within a preset range;
and if the password is called for the first time, calling a current transformation function for transforming the current password.
4. The method of claim 1, wherein after obtaining a replacement password for replacing the current password when the determination result is yes, the method further comprises:
displaying a password input area for inputting a password on a display screen of the electronic equipment, and simultaneously displaying the current random value on the display screen so that the user can obtain the current password through the current random value and the original password.
5. The method of claim 4, wherein after the calling a current transformation function for transforming the original password, the method further comprises:
generating synchronization information, wherein the synchronization information at least comprises identification information for representing the current transformation function;
synchronizing the synchronization information to the electronic device or other electronic devices connected to the electronic device, so as to calculate the current password after the electronic device or other electronic devices obtain the original password and the current random value input by the user.
6. The method of claim 1, wherein obtaining the number of inputs of the password to be authenticated comprises:
determining whether the password to be verified passes verification;
and if the password to be verified is not verified, acquiring the input times of the password to be verified.
7. The method of claim 6, wherein after the determining whether the password to be authenticated is authenticated, the method further comprises:
if the password to be verified passes the verification, determining whether the password to be verified has a flag bit; the flag bit is used for representing that the current password is a replaced password;
and if the password to be verified is provided with the zone bit, restoring the current password into the original password.
8. A password authentication apparatus, comprising:
the password verification device comprises a first acquisition unit, a second acquisition unit and a verification unit, wherein the first acquisition unit is used for acquiring the input times of a password to be verified, and the password to be verified is a password which is not matched with the current password;
the first judgment unit is used for judging whether the input times exceed a judgment threshold or not and obtaining a judgment result;
a second obtaining unit, configured to, when the determination result is yes, obtain a replacement password for replacing the current password, so as to use the replacement password as the current password;
the second obtaining unit is further configured to call a current transformation function for transforming the current password;
and obtaining a replacement password for replacing the current password based on the current transformation function, the original password and the current random value, wherein the original password is a password set by a user.
9. The apparatus of claim 8, wherein the second obtaining unit is to:
calling a current transformation function for transforming the current password;
and obtaining a replacement password for replacing the current password based on the current transformation function, the original password and the current random value, wherein the original password is a password set by a user.
10. The apparatus of claim 9, wherein the second obtaining unit is to:
acquiring the corresponding relation between a transformation function and time;
and calling a current transformation function corresponding to the current moment based on the corresponding relation.
11. The apparatus of claim 9, wherein the second obtaining unit is to:
determining whether the call at the current moment is the first call within a preset range;
and if the password is called for the first time, calling a current transformation function for transforming the current password.
12. The apparatus of claim 9, wherein the apparatus further comprises:
the first display unit is used for displaying a password input area for inputting a password on a display screen of the password verification device and displaying the current random value on the display screen at the same time so that the user can obtain the current password through the current random value and the original password.
13. The apparatus of claim 9, wherein the apparatus further comprises:
a first generating unit, configured to generate synchronization information, where the synchronization information at least includes identification information used for characterizing the current transformation function;
a first synchronization unit, configured to synchronize the synchronization information to the password authentication device or another device connected to the password authentication device, so as to calculate the current password after the password authentication device or the other device obtains the original password and the current random value input by the user.
14. The apparatus of claim 8, wherein the first obtaining unit is to:
determining whether the password to be verified passes verification;
and if the password to be verified is not verified, acquiring the input times of the password to be verified.
15. The apparatus of claim 14, wherein the apparatus further comprises:
the first determining unit is used for determining whether the password to be verified has a flag bit or not if the password to be verified passes verification; the flag bit is used for representing that the current password is a replaced password;
and the first recovery unit is used for recovering the current password into the original password if the password to be verified is provided with the zone bit.
16. A discovery apparatus, comprising:
a first receiving unit, configured to receive synchronization information sent by an electronic device connected to the discovery apparatus, where the synchronization information at least includes identification information used for characterizing a current transformation function; the current transformation function is used for transforming the current password of the electronic equipment to obtain a function of replacing the current password when the input times exceed a judgment threshold; the input times are the input times of the password to be verified which is not matched with the current password;
a first obtaining unit configured to obtain the current transformation function based on the synchronization information;
the second acquisition unit is used for acquiring the original password and the current random value;
a third obtaining unit, configured to obtain the replacement password based on the original password, the current random value, and the current transformation function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611266070.7A CN108268761B (en) | 2016-12-31 | 2016-12-31 | Password verification method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611266070.7A CN108268761B (en) | 2016-12-31 | 2016-12-31 | Password verification method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108268761A CN108268761A (en) | 2018-07-10 |
| CN108268761B true CN108268761B (en) | 2020-03-24 |
Family
ID=62770212
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611266070.7A Active CN108268761B (en) | 2016-12-31 | 2016-12-31 | Password verification method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108268761B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110321680B (en) * | 2019-06-26 | 2021-06-04 | 维沃移动通信有限公司 | Identity verification method and terminal equipment |
| CN111405006B (en) * | 2020-03-06 | 2022-07-12 | 北京奇艺世纪科技有限公司 | Method and device for processing remote login failure and remote login system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102693380A (en) * | 2012-05-07 | 2012-09-26 | 李良 | Password authentication method |
| CN104318186A (en) * | 2014-09-28 | 2015-01-28 | 厦门美图移动科技有限公司 | Code switching method, equipment and terminal |
| CN104899504A (en) * | 2014-03-07 | 2015-09-09 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
| CN105357194A (en) * | 2015-10-28 | 2016-02-24 | 广东欧珀移动通信有限公司 | Password updating method and password updating system |
| CN105450413A (en) * | 2014-08-19 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Password-setting method, device, and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9646149B2 (en) * | 2014-05-06 | 2017-05-09 | Microsoft Technology Licensing, Llc | Accelerated application authentication and content delivery |
-
2016
- 2016-12-31 CN CN201611266070.7A patent/CN108268761B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102693380A (en) * | 2012-05-07 | 2012-09-26 | 李良 | Password authentication method |
| CN104899504A (en) * | 2014-03-07 | 2015-09-09 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
| CN105450413A (en) * | 2014-08-19 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Password-setting method, device, and system |
| CN104318186A (en) * | 2014-09-28 | 2015-01-28 | 厦门美图移动科技有限公司 | Code switching method, equipment and terminal |
| CN105357194A (en) * | 2015-10-28 | 2016-02-24 | 广东欧珀移动通信有限公司 | Password updating method and password updating system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108268761A (en) | 2018-07-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Takada et al. | Awase-E: Image-based authentication for mobile phones using user’s favorite images | |
| US8904494B2 (en) | System and method to facilitate compliance with COPPA for website registration | |
| US9131377B2 (en) | Method and apparatus for unlocking operating system | |
| EP2857947B1 (en) | Terminal device and unlocking method thereof | |
| US11386202B2 (en) | Apparatus and method for social account access control | |
| US20150271167A1 (en) | Method of Altering Authentication Information to Multiple Systems | |
| US10320848B2 (en) | Smart lockout | |
| TWI718291B (en) | Service provision system, service provision method, and computer program | |
| CN111433770B (en) | Method and apparatus for user authentication and computer readable medium | |
| CN109690541B (en) | Forced failure of random password | |
| CN108259502A (en) | For obtaining the identification method of interface access rights, server-side and storage medium | |
| CN108289129B (en) | Block chain ecological environment creating method and system and computer readable storage medium | |
| CN103064607A (en) | Method and system for unlocking device with touch screen | |
| US11398902B2 (en) | Systems and methods for non-deterministic multi-party, multi-user sender-receiver authentication and non-repudiatable resilient authorized access to secret data | |
| US10447673B2 (en) | Information processing apparatus, information processing method, and computer program | |
| EP3937040B1 (en) | Systems and methods for securing login access | |
| CN102457491A (en) | Dynamic identity authenticating method and system | |
| CN108268761B (en) | Password verification method and device | |
| CN104917737B (en) | User account protection method and device | |
| US20150143510A1 (en) | Systems and methods for notifying a user of a user entry that matches security information and for hiding display of a user entry that matches security information | |
| CN115879090A (en) | Account login method and device, electronic equipment and storage medium | |
| CN107172106B (en) | Security information interaction method and system | |
| CN111753289A (en) | Password authentication method and device, electronic equipment and computer readable storage medium | |
| CN104519073A (en) | AAA multi-factor security-enhanced authentication method | |
| Behl et al. | Multi-level scalable textual-graphical password authentication scheme for web based applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |