Transparently updating user credentials

摘要

A user password is obfuscated using a first obfuscation algorithm and stored. A security module receives a password from a user a first time and, in response thereto, obfuscates the password using a second obfuscation algorithm and stores the obfuscated password. The security module subsequently receives the password from the user a second time. In response thereto, the security module obfuscates the password using the second algorithm a second time and compares the results of the obfuscation with the stored password obfuscated using the second algorithm. If the results of the obfuscation and the stored password obfuscated using the second algorithm match, the security module replaces the stored password obfuscated using the first algorithm with the password obfuscated using the second algorithm. The operations are performed transparently to the user associated with the password.

主权项

1. A computer-implemented method of updating a stored obfuscated password, the computer-implemented method comprising executing instructions in a computing system to perform the operations of:
receiving a password from a user in conjunction with a request to login to the computing system, obfuscating the password using an obfuscation algorithm to generate an obfuscated password, determining whether the obfuscated password matches a previously stored obfuscated password for the user, and in response to determining that the obfuscated password matches the previously stored obfuscated password, obfuscating the password with a second obfuscation algorithm to generate an updated obfuscated password, and storing the updated obfuscated password; and receiving a second password from the user in conjunction with a second request to login to the computing system after the user has logged out of the computing system, obfuscating the second password using the obfuscation algorithm to generate an obfuscated second password, determining whether the obfuscated second password matches the previously stored obfuscated password, and in response to determining that the obfuscated second password matches the previously stored obfuscated password, obfuscating the second password with the second obfuscation algorithm to generate a second updated obfuscated password, determining whether the second updated obfuscated password matches the stored updated obfuscated password and, replacing the previously stored obfuscated password with the updated obfuscated password in response to determining that the second updated obfuscated password matches the stored updated obfuscated password.