A brute-force cracking attack is a commonly employed hacking technique, which may be used by a hacker to break into a computer, an e-mail account, an online banking account, an application, a website, or the like by manually guessing passwords. Thus, a strong, complex password may be essential for protecting a user from identity or financial theft.
A conventional password manager may assist in generating and retrieving complex passwords and may store such passwords in an encrypted database or may be calculated on demand. The conventional password manager may be a locally installed software application, an online service accessed through a website portal, or a locally accessed hardware device that serves as a key. Typically, conventional password managers require a user to generate and remember one “master” password to unlock and access any information stored in their databases.
Conventional password managers, however, are problematic in several ways. First, users may not always have in their possession the devices that run the password managers. Second, the randomness of a password generator used by the password manager may not be verifiable. Third, the password manager, no matter how strong, is only as effective as the user-created master password that protects it.