Many web applications and popular on-line services today use a combination of username and password for authentication. The use of passwords as an authentication mechanism has produced many challenges. One such challenge is that an end user may be required to remember many passwords for the different applications and on-line services used by the end user. Users are generally unable to perform this task properly. For example, the end users commonly choose one master password for all their web applications and services. Alternatively, the end user may write down the passwords, or they simply forget-and-renew them.
A separate category of applications referred to as password managers has emerged to solve this problem. Currently, password managers are typically browser plugins that are able to fill in the credentials directly into web HTML forms, in order to simplify and improve the user experience. This approach, on the other hand, can still make the passwords vulnerable to malicious JavaScript or malicious browser plugins or extensions (generally, to malicious software running in the scope of the web browser). These malicious pieces of software are able to read the password as soon as it is filled in the form and thus compromise the user's account.