In today's world, organizations use various different computer-based applications. Some of these computer applications offer authentication mechanisms in order to identify and control access to information. Using this set of applications brings about the challenge of managing a set of user identities of every user in every application. Typically, a human member of the organization would need to register separately in several authentication systems, providing a passphrase. This passphrase may later be used by these authentication systems to verify the user's identify in an authentication process.
In these types of environments, users tend to supply a single password, or slightly modified password, for every authentication system in use. Passwords need to be remembered by a human user, and consequently chosen passwords which are easy to remember are also weak or easy to guess by another party. Passwords thus become sensitive pieces of information, since if a password is compromised in a single authentication system, all other authentication systems immediately become compromised as well. This brings about the challenge of managing different passwords in different authentication systems.
Another issue is phishing attacks. In a phishing attack, an authorized entity (typically an impostor person) impersonates an authorized entity, and manipulates the user into giving away his or her password. After the user gives away the password, not only a single, authentication system becomes vulnerable, but all other authentication systems—that is, if the exposed password is similar in the other authentication systems. In order to make guessing user passwords more difficult for attackers and other unauthorized entities, some authentication systems enforce a password policy requiring the user to use a password of some minimal length, composed of characters from different character groups (for example, a password that must contain both letters and numbers), and possibly other requirements. Such strong or complex passwords are more difficult to guess.