Internet users need to keep track of numerous passwords and user names associated with an ever-growing number of internet services (email, social networks, personal areas on web sites, banking accounts, chats, personal web sites, etc.). The secure storage of these users' credentials has become a critical issue with the development of the internet.
So far, the most common solutions for managing such credentials can be categorized into the following groups:
Web Browser Credential Storing Management:
All current web browsers provide a password-protected key store and auto-fill mechanisms. However, the large number of vulnerabilities detected in these systems advises against their use.
Operating System Native Credential Management:
Up to now, only UNIX-based operating systems offer safe mechanisms for the custody of users' credentials. However, at the moment, these UNIX-based operating systems are much less widely used than Windows systems. Besides, UNIX-based operating systems also present the intrinsic problem that they can only be used by a single user per session and computer, thus preventing the use of such solutions for shared computers and cloud computing environments.
Dedicated Applications for Password Managing Tasks:
These applications typically store all of a user's credentials in an encrypted file on the PC, protected by a single password. However, this type of solution is also vulnerable, as the credentials can be stolen and manipulated if the PC is hacked.
Method for Authenticating User Based on Authentication Server:
Such a method requires a network interface unit capable of communicating with the computing devices that send and receive the authentication requests. This method also requires communicating authentication information from the user, a storage unit for the users' credentials and profiles, and the authentication which analyzes the authentication information.
The effectiveness in terms of authentication security is rather high with this last method, but it unfortunately has the drawback of requiring special modifications to the websites in order to allow communication with the network interfaces, thus making mass-market adoption of this type of method difficult.
Therefore, although the internet industry has constantly tried to provide safer methods for user credentials storage and custody, none of the current solutions can offer the expected level of security.