Most merchant, issuer, and third party computers require usernames and passwords to access data, and most systems use a username that is easily identifiable for the user (e.g., an email address). These individual organizations can store the username and password login credentials internally, in a cloud storage computer, and/or in an internet traffic monitoring computer.
As passwords become more complex (e.g., capital/lowercase letters, numbers, symbols, minimum number of characters, etc.), users may be tempted to reuse the passwords across various organizations. This can create identical username and password credentials across multiple systems hosted by different organizations.
When such organizations become targets for hackers and other malicious third parties, users' credentials may be compromised. For example, a hacker can compromise a merchant's backend computer system to access a customer database, including usernames and a hashed list of passwords. In another example, a hacker can compromise a merchant's frontend computer system to access usernames and passwords as they are entered by users. In yet another example, a phisher can convince a user to enter username and password details in a third party webpage that looks similar to the merchant's webpage. The phisher may try those same credentials with other issuers, merchants, and third party computers in hopes that the user repeated their login credentials across multiple organization computers.
Thus, despite the best efforts of such organizations, users' data can be compromised in multiple locations across multiple organizations, even when those organizations did not experience a data breach.
Embodiments of the invention address these and other problems, individually and collectively.