Conventional single sign on (“SSO”) technologies have been used to enable users to log into different service providers via a single sign on. With such technologies, a user need only authenticate to a single entity in order to obtain access to a plurality of associated service providers or the like. Such is particularly helpful with the ever increasing number of web and other services requiring user authentication that a user may wish to access. Various SSO technologies are currently available including Kerberos and Microsoft's .NET Passport or Live ID. While Kerberos may be useful for a single domain environment, it is not considered suitable for use in untrusted environment such as the Internet. Technologies such as Live ID have greatly increased the availability of single sign on services for the Internet, but security issues remain. For example, compromising a single authentication server would jeopardize the whole system since replicas of credentials and profiles tend to be stored in the compromised server. Various distributed SSO systems attempt to address these and related issues. In one example, a plurality of authentication servers may return an encrypted partial ticket to a user that may be used to reconstruct a complete ticket useful for service access. Other techniques for such “secret splitting” methods may alternatively be used. But active attacks tend to not be considered in such schemes. That is, a compromised authentication server of a plurality of such servers may send out incorrect partial tickets or the like, resulting in incorrect tickets and resultant denial of access. Several other problems also exist with conventional distributed SSO technologies.