Consumers may use computer network systems, such as the Internet, to access a variety of data, applications, and services, generally referred to herein as online resources.
The methodology employed to reliably verify the identity of a consumer or other user of a computer network system prior to allowing the user access to system resources is generally referred to as authentication. For example, the user may send a username and password to a remote server in order to authenticate the user for access to the resources provided thereby. Cryptography can be used to preserve the confidentiality of the transmitted username and password when authenticating the user.
However, such password-based authentication can be somewhat cumbersome to the user. For example, as each online resource typically requires its users to have unique usernames, a user may be unable to use the same username to access multiple online resources if that username is already in use by another user of any of the online resources. As such, a user may be required to remember several different usernames in order to access different online resources, as well as to keep track of which username was used to set up the account for each online resource. Likewise, each online resource may have different rules as to the types of character strings that may be used as passwords. For example, some websites may require a password to have more than a particular number of characters (e.g. more than 6 characters), others may require a password to be a combination of alphabetic and numeric characters, and still others may require a password to include at least one special character (such as !, @, #, $, %, &, etc.). Thus, in addition to remembering different usernames, a user may also be required to remember several different passwords in order to access different online resources, as well as to keep track of which username-password pair applies to each account.
The use of usernames and passwords for authentication may also present problems from a security perspective. For example, password-based authentication may be vulnerable to keystroke logging applications (where a hidden application records the keystrokes of a user) or phishing attacks (where a user is tricked into revealing his username and password by a masquerading entity). Also, should a user's password for an online resource be compromised by the above or other security issues, the user may be required to create and remember yet another password, thereby compounding the above-mentioned problems associated with remembering and keeping track of different username and password combinations for different accounts.