To access secure areas available on a computer network, such as a company intranet or private areas of a public website, users generally have to enter credentials. However, entering credentials each time may be tedious and time-consuming to the users. Extant solutions to this problem include, for example, password managers. However, password managers often require a master password. In addition, password managers often suffer from vulnerabilities. For example, encrypted passwords stored by the password manager may all be accessed if only the master password is cracked. In another example, password managers that autocomplete login requests may be used by malicious parties if a user's interface device (such as a laptop, tablet, or smartphone) is stolen and subsequently unlocked.
Furthermore, single sign-on suffers from similar vulnerability. For example, access to all resources encompassed by the authorization token may be gained if only one password is cracked. In addition, single sign-on requires centralized authorization servers. Many institutions may be unwilling to offer single sign-on because the safety and reliability of their systems may then depend on other parties managing at least some of the authorization servers.