In order to be able to access various computer resources, such as the Internet, a private network such as an Intranet, or other similar resources, a user must authenticate his right to access the resource through a process variously called a “log-on” or a “sign-on”. A typical process includes submitting an agreed upon name called a “username” and a password. Usually the submission is performed by the user typing in his username and password on an electronic form supplied by the resource.
Many companies have created private networks that mimic the activity of the Internet. These private networks, called Intranets, allow authorized users access to data which the company wishes to keep private. A software structure called a firewall allows a one-way access from an Intranet to the Internet. The firewall allows authorized users of that Intranet to access data from the Internet without allowing external persons on the Internet to access the private Intranet data.
In order to access these Intranets, authorized users sign-on with a username and a password. However, these same users may then wish to access remote servers on the Internet. These remote servers may require their own sign-on authentication for the user.
Each particular user may have a different username for the sign-on for the remote server than for the Intranet. Furthermore, for the sake of maximum security, a different password should be used. However, what has been noticed in practice is that the requirement for multiple usernames and passwords often produces non-secure behavior in many users. They may either use the same password in both situations, or them may use trivial passwords (e.g. “password”). Other forms of non-secure behavior may include writing down the usernames and passwords, and posting these on a user's computer workstation.