摘要 |
<p>A user inputting his access code into a computing environment to access a transaction is at risk of losing the access code to an attacker who has physical or electronic access to the computing environment. To minimize this risk, the access code can be entered via a plurality of user-selectable fields, each of which takes on a series of values in the initial display (330). The initially displayed values are established in a random or otherwise unpredictable manner using a pseudo-random number generator (310). The user then uses a mouse, keyboard, or other input device (340) to increment each of the selectable fields until the access code is correctly entered. Because of the randomization of the initial state, an attacker tracking the locations or number of mouse clicks or other navigation actions can not determine the finally entered access code by, e.g., computing the offset from a known inital state.</p> |