Patent attributes
The compromised password mitigation module comprises a compromised password collection module, compromised password storing module, a logging module, account protection module and user database. The compromised password collection module receives or gathers sets login names, compromised password hashes and hash functions. The compromised password collection module provides this gathered information to the compromised password storing module. The compromised password storing module stores this information in user records in the user database. The compromised password hashes and hash functions are advantageously stored along with the actual password hash. The logging module uses the user records when evaluating access to determine whether a submitted password matches both a compromised password hash and an actual password hash. If a match is found, access to the system is denied and additional protective action is taken by decal protection module. If no match is found, the user is allowed to access the system.