The present application relates to user authentication and more particularly to authenticating a user operating a client system to a plurality of remote servers, each of which requiring a password for authentication.
Many remotely accessible computer systems require user authentication. The user, presumably operating a client system, must be registered with the remote system and must type in his or her user ID and a password for that remote system every time it is accessed.
One problem presented by the need for user authentication is that if the user accesses multiple remote systems, the user must remember numerous passwords and user IDs. Typical users confronted with this problem will often try to use the same password for each remote system or write down a list of passwords.
Both of these makeshift solutions compromise security. If the same password is used for each remote system, a system administrator of one remote system will be able to obtain passwords usable to access other remote systems. A written list of passwords is an obvious breach of security in that anyone with access to the list will be able to access any of the remote systems.
The problem of authenticating a user to a plurality of remote systems has become particularly apparent in light of the proliferation of limited access sites on the World Wide Web (WWW). Before accessing a site, the user is presented with an authentication form generated by his or her WWW browser requesting a user ID and password. The user must register separately with each such site and maintain multiple passwords. Furthermore, when navigating through the WWW, he or she is frequently interrupted by authentication messages requesting a user ID and password.
One known partial solution is to remember the last user ID and password typed into a WWW browser's authentication form and provide these values as a default the next time the form is brought up. This facilitates navigation of the WWW for users who employ the same user ID and password for multiple sites since logging into subsequent sites after the first one can be done by simply accepting the default. Thus, the problem of interruption by authentication messages is partially ameliorated in that it is easy to respond to the messages. However, the security problem presented by using a common password for multiple sites remains.
What is needed is a convenient yet adequately secure system whereby a user may access multiple remote servers that require passwords.