For purposes of security, many network-based services require remote users to provide information that can be used by the service to authenticate the user as well as determine that user's authorization to use the service. For example, such users are often required to provide a username and password before the service can be used.
Although the procedure described above facilitates authentication and authorization, there are several drawbacks associated with such a procedure, and others like it. For one, the user must provide the required security information (e.g., username/password). This requires the user to either remember the security information or record it in some manner so that it will be accessible to the user when attempting to remotely access the service. In the former case, the user is likely to forget the security information, particularly if, like most computer users, the user possesses several such usernames/passwords. In the latter case, the user risks discovery of the security information by unauthorized persons (as a result of writing it down), which could lead to the perpetration of fraud and/or the exposure of sensitive information.
In addition to those drawbacks, known security procedures typically require creation and maintenance of a security information database that is supported, for instance, by a host device (e.g., server) that acts as an intermediary between the remote user and the network-based service. Although adequate security can be provided using such an arrangement, it requires infrastructure (e.g., a host device) as well as maintenance of security information for every user that registers with the service.