In order to gain access to applications, systems, and/or other resources via a computer or another user device, users are often required to authenticate themselves by entering authentication information. Such authentication information may include, for example, passwords, secrets, and/or security tokens. Such authentication information may include, for example, one-time passwords or login tokens.
Challenges facing existing token-based user authentication techniques, however, can include attacks by an adversary that compromises and/or impersonates a user by stealing the user's credentials. In other attacks, an adversary can control the operation of an authentication server over an extended period of time, wherein such an adversary can subvert the authentication process, impersonating a user even if the user's credentials are periodically refreshed.