Users are increasingly performing tasks using remote computing resources, often referred to as part of “the cloud.” This has many advantages, as users do not have to purchase and maintain dedicated hardware and software, and instead can pay for only those resources that are needed at any given time, where those resources typically will be managed by a resource provider. Because a resource provider will often provide resource access for many different users, various types of credentials can be used to authenticate a source of a request, as well as to demonstrate that the source is authorized to access one or more resources to perform a task for the request. It might be the case, however, that a source of a request becomes compromised, which can enable an unauthorized party or entity to gain access to those resources, which can have various undesirable consequences, such as access to sensitive data or alteration of various functionality.