Over the years, the popularity of online services, such as websites, web-based email services, and file distribution services, has grown dramatically. In addition to providing other services, online services may enable users to access a variety of information or perform a variety of tasks from connected computing devices around the world.
In order to prevent unauthorized access to the services offered by these online services, online services typically require users to present login or authentication information, such as a username and a password. Because individuals are often users of multiple online services, a single individual may be required to remember a number of usernames and/or passwords. This may lead users to insecurely store passwords on their computer (such as in an unencrypted text file), write passwords on insecurely stored paper (oftentimes attached to or left in the vicinity of the user's computer), or choose identical passwords for multiple online services.
Prior attempts to solve this problem have involved storing users' passwords or login information in a remote device or database, such as an online password vault. Users may access online services that require authentication by retrieving password or login information from such an online password vault and then using the retrieved login information to log into the online service.
In many cases, a user may access such an online password vault from an untrusted computing device, such as a public kiosk or a friend's computer. Unfortunately, accessing this login information from the untrusted machine exposes this sensitive information to theft. This danger is problematic, both for providers and users of online services.