Passwords are commonly used to provide users with secure access to computing and/or network resources. For example, a password may be set with respect to a computer, so that a user of the computer may thereafter be required to enter the password in order to access or modify files, settings, or other resources associated with the computer. In other examples, a user may wish to access network resources using the network, and may be required to enter a previously-designated password in order to do so.
Because the use of passwords in these in similar context is so widespread, it may occur that a given user is associated with a relatively large number of passwords. Consequently, various techniques may be employed to assist users in remembering or otherwise managing their passwords. For example, users often choose to select passwords which have particular significance to them, so as to thereby assist themselves in remembering their passwords. Additionally, various techniques are used to assist users in case the users forget a particular password. For example, it is common to associate a particular password with one or more pieces of information which may separately authenticate a user, so that, based on such independent authentication, the user may be provided with the forgotten password in a secure manner. Somewhat similarly, it is common to associate a given password with information which is intended to provide a hint to the user, to thereby assist the user in remembering the forgotten password.
However, these and similar measures which are used in assisting users in remembering or otherwise managing their various passwords often may provide a point of vulnerability with respect to the passwords. Such vulnerability may be exploited by unauthorized users who wish to gain access to the ostensibly password protected resources.
For example, such an unauthorized user may utilize network resources to perform a search for information personally related to a given authorized user. Such personal information may be published regarding the user by a third party, or may be published by the authorized user (e.g., using a social networking website). In any case, the unauthorized user may be able to search for and locate such published personal information, using commonly available network searching techniques. Once the unauthorized user is in possession of such personal information, the unauthorized user may attempt to utilize the personal information to obtain one or more passwords associated with the authorized user. As a result, a security of the authorized user with respect to one or more computing resources may be compromised or breached.