Passwords are often used to gate access to various kinds of resources and processes. A person who wishes to gain access to a resource or process may be asked to enter a password. If the person enters the correct password, then access may be granted. Otherwise, access may be withheld. Mail accounts, shopping accounts, bank accounts, school records, etc., are some examples of things to which access may be password-controlled. One type of password whose use has become common is the one-time password. One-time passwords may be used, for example, as part of a registration process, or as part of a password reset process. Additionally, one-time password generators are increasingly being put in use for day-to-day authentication.
An issue that arises in the use of passwords is that they are subject to certain types of attacks. One type of attack is a phishing attack, in which an attacker attempts to get the holder of a password to provide the password to the attacker. One way of executing a phishing attack is to create a fake web site that looks like the web site into which the user is supposed to enter the password. A user might visit the fake web site accidentally—e.g., by misspelling a part of the real web site's Uniform Resource Locator (URL) when typing the URL into a browser's address bar. In such a case, the user might not notice the error in time, and might enter the password into the fake web site. Thus, the attacker would be in possession of a valid password. Even if the password is intended for one-time use, the attacker would have a valid password that could be used for a short time.