Currently, access to sensitive data on Internet web sites is protected by passwords. Prior to allowing access, users present login credentials such as a username and a password to web sites. The login credentials are typed into a user-facing device which is accessing a web site over the Internet for comparison to known credentials (i.e., username and password) stored locally at a web site.
Problematically, the comparison paradigm is vulnerable to phishing or key-logging attacks by imposters, hacking or network sniffing, and even guessing by trial and error. Once exposed, the user files and applications are open not only to undetected theft by copying, but also to vandalism by deletion. Moreover, the entire account is exposed at once because individually protecting each file and application with a unique password is not practical. Conventional encryption techniques to protect user files and applications are similarly vulnerable, especially when a cryptographic key is stored at an end point.
Furthermore, users are currently burdened with memorizing and protecting more and more passwords. Some users have a single, default password, which is not recommended because all accounts are vulnerable to a single password interception. Also, various systems have varying strength requirements for passwords. As a result, users are requested to provide hard-to-memorize passwords that include numbers, capital letters, or non-traditional characters, adding to user confusion.
What is needed is a robust technique to control access to user profiles without passwords, while overcoming the deficiencies of the prior art.