The security of computing resources and associated data is of high importance in many contexts. As an example, organizations often utilize networks of computing devices to provide a robust set of services to their users. Networks often span multiple geographic boundaries and often connect with other networks. An organization, for example, may support its operations using both internal networks of computing resources and computing resources managed by others. Computers of the organization, for instance, may communicate with computers of other organizations to access and/or provide data while using services of another organization. In many instances, organizations configure and operate remote networks using hardware managed by other organizations, thereby reducing infrastructure costs and achieving other advantages. With such configurations of computing resources, ensuring that access to the resources and the data they hold is secure can be challenging, especially as the size and complexity of such configurations grow.
To enhance data security, numerous techniques have been developed. For example, the use of username and password combinations has become ubiquitous in various access control contexts. Additional techniques are also often used in addition to or instead of usernames and passwords. A common issue encountered with conventional authentication techniques is the tradeoff between security and usability. For example, passwords are often subject to stringent requirements to cause users to select passwords that are difficult to guess, either by automated processes or human operators. Such requirements may, for instance, require minimum numbers of capital letters, numbers and non-alphanumeric symbols. While such stringent requirements theoretically produce advantages for data security, they often have adverse effects. Stringent requirements, for instance, often make passwords difficult to remember, especially when requirements differ for different systems that each require a password for access. In many instances, users may engage in unsecure behavior to counteract the difficulties encountered in conventional access control systems. Users may, for example, write down or insecurely store passwords as a result of the difficulty of remembering them.