Current technology for remote logins requires that a user provide some form of identification (ID) and a password. An ID and password can be stolen or otherwise compromised by sophisticated adversaries utilizing techniques such password sniffing, secretly photographing a login session, using various methods of social engineering to obtain the ID and the password. Currently technology is also vulnerable to rogue employees who voluntarily provide a password and ID to adversaries. Currently technology also may develop a password from a login password or passphrase, which is then used to encrypt data provided by the user. To the extent that such a password or encryption key is stored on a device, it would be subject to discovery by an adversary if the device were stolen.
With respect to the user experience, under current technology the ID and the password have important security implications and must be protected from capture by an adversary. The passwords are typically long and complicated. A challenge is that a user has difficulty remembering the IDs and passwords, and typically maintains lists of these IDs and passwords elsewhere, such as in a “secret” notebook, which the user employs when a login is required. Users often have multiple sets of IDs and passwords that are required for different logins. The IDs and passwords are changed periodically by the site administrator, further compounding the difficulty for the user in maintaining complex IDs and passwords, even when maintained in a secret notebook. As the number of required IDs and passwords grows, the task of maintaining the secret notebook becomes more difficult for the user. Furthermore, the user must suffer the inconvenience of period lockout from his or her account and the risk that an adversary will discover the secret ID and password and steal valuable information.