H04L63/0846

Device security utilizing continually changing QR codes
09794253 · 2017-10-17

A method provides device access security via use of periodically changing Quick Response (QR) codes. The method includes: generating (706) a first authentication QR code and assigning (708) the generated QR code as the current authentication mechanism for accessing the device. Contemporaneously with the generation of the QR code, at least one QR code validity parameter is established (710) to define when access to the device can be provided to a second device that provides the correct authentication QR code along with the access request. The method includes, in response to a pre-defined trigger (712) of the QR code validity parameter: generating (704) a new authentication QR code, different from a previously generated authentication QR code; assigning (708) the new authentication QR code as the current authentication mechanism for accessing the device; and enabling access to the first device to only second devices that provide the current authentication QR code.

CARD-BASED DYNAMIC PASSWORD GENERATION METHOD AND DEVICE
20170295149 · 2017-10-12

A card-based method for generating a dynamic password, the method comprising: powering on a device, initializing a current running state as a first state, and prompting a user to press a mode key; the device determining an operation to be executed when the mode key is pressed; obtaining input data according to the number key pressed by the user in the case that a number key is pressed; obtaining a confirm state according to the state key pressed by the user in the case that a state key is pressed; otherwise, executing a corresponding operation according to the current running state, the corresponding operation comprising: obtaining a dynamic password according to the interaction with the card, performing preset processing on the password data, and outputting the dynamic password. According to the invention, both internal data of the card held by the user and information input by the user take part in the generation of the dynamic password; thus, the password data is protected from being manipulated, which makes the process of generating a dynamic password more secure.

Multi-factor authentication providing a credential via a contactless card for secure messaging
11671828 · 2023-06-06

Exemplary embodiments may use a contactless card as a secondary form of authentication in a multi-factor authentication for a secure messaging service. The recipient party of a request to initiate a messaging service session (such as a server computing device) may be programmed to use the phone number of the originating device to look up records regarding an identity of a party and their associated phone number as a primary credential and then may require an authentication credential originating from the contactless card as a secondary credential for the initiating party. In some instances, the credential originating from the contactless card is a one-time password that is valid only for a period of time. The recipient party determines whether the one-time password is valid. If both credentials are valid, a secure messaging session may be initiated with the initiating party.

Seamless wi-fi subscription remediation
09787683 · 2017-10-10

The exemplary embodiments include a method to perform, based on at least one of hypertext transport protocol and non-hypertext transport protocol traffic tests failing, sending a hypertext transport protocol message to a subscription remediation server URI that carries a package1 message, receiving a hypertext transport protocol response from the subscription mediation server with a package2 message, and automatically replacing a password with a new value, automatically initiating creation of a new client certificate, or launching a browser to a URI provided in the response to enable user intervention. In addition, the embodiments include a method to receive an access request from a device, determine whether credentials are valid, and, if the credentials are determined valid, send an access-accept message with a success indication, and, if the credentials are determined not valid, send an access-accept message with a success indication and an indication that access by the device is limited to only a subscription remediation server.

Automated password management
09785766 · 2017-10-10

An embodiment includes an automatic policy managed password management system. One embodiment manages changing the password (with little to no user interaction) every set number of days. Also, password changes can be made within a set amount of time from the password being viewed by a user. Further, an embodiment includes a web service that contains an “insert record” method to insert a password management record into a managed machine and/or database with no “pre-work” required to use the web service. For example, no record needs to be created on a database and/or managed machines in advance of deploying passwords via the web service. The web service can be pushed to various machines and when the web service starts up, it may insert its own record into a database or managed client. This allows for scalability. Other embodiments are described herein.

Systems and methods for securing authentication procedures

The disclosed computer-implemented method for securing authentication procedures includes (i) monitoring, by a third-party security application, to detect reception of a second factor authentication token as an input to complete a second factor authentication procedure in connection with a second application that is independent from the third-party security application, (ii) verifying, by the third-party security application, whether or not the second factor authentication token was transmitted by a valid server in coordination with the second application as part of an authentic version of the second factor authentication procedure, and (iii) performing a security action to protect a user account based on a result of verifying whether or not the second factor authentication token was transmitted by the valid server in coordination with the second application as part of the authentic version of the second factor authentication procedure.

OPERATING METHOD FOR ONE-TIME PASSWORD WITH UPDATABLE SEED
20170289141 · 2017-10-05

An operating method for a one-time password with an updatable seed. The method comprises: a one-time password entering a dormancy mode after being powered on and initialized; being woken up when an interrupt is detected; entering an interrupt processing flow; setting a wakeup flag; entering a key processing flow when a key wakeup flag is set; judging a system state and a key manner; and completing the functions of programming seed data and generating a password according to a judgment result. According to the present invention, on the premise of guaranteeing the security, a user is permitted to program and update seed data in a one-time password, thereby facilitating the use of the user.

Network Authentication Of Multiple Profile Accesses From A Single Remote Device

A network authentication system and method is described for authenticating multiple profile accesses from a single remote device. A device remote from a web server, yet connected to the web server via, for example, the Internet, can allow multiple users to register their profiles within the device. The profiles are registered using a pre-existing user ID and password corresponding to, for example, the user's financial accounts. Multiple profiles and, specifically, the indicia of those profiles, can appear on the display of the remote device allowing each user the ability to select their own registered profile. Access to a profile is granted when the user enters their private PIN. Once the PIN is entered, the private information such as financial account information will be securely forwarded from the web server to the remote device.

Distribution of ephemeral extension to communication sessions

To allow more non-enterprise communication endpoints to communicate without having to allocate an extension for every non-enterprise communication endpoint, a request is received to communicate with an enterprise communication system from a non-enterprise communication endpoint. A temporary password is associated with a dynamic communication address (e.g., from a group of dynamic extensions). The temporary password and the dynamic communication address are sent to the non-enterprise communication endpoint. The non-enterprise communication endpoint registers with the communication system using the temporary password and the dynamic communication address. A communication session is established between the non-enterprise communication endpoint and an enterprise communication endpoint using the dynamic communication address. The temporary password is then disassociated from the dynamic communication address, thus freeing up the dynamic communication address for use with another non-enterprise communication endpoint.

Managing support access in software-as-a-service systems

An improved technique involves setting an administrator password in a server to a temporary password upon receipt of a request for administrator access to the server. Along these lines, when a support engineer receives a support ticket from a customer, the support engineer sends a request to obtain administrator access to the customer's server to an access control computer. The access control computer, upon receipt of the request, generates a temporary password that grants the support engineer a one-time administrator access to the server. The access control computer then changes the administrator password on the server to the temporary password and reveals the temporary password to the support engineer. At some time either after the engineer obtains administrator access to the server or after some specified time has passed, the access control computer invalidates the temporary password by changing the administrator password to a different password.