The security of resources is of importance in many contexts. Unauthorized access to various types of data, for example, can have numerous adverse consequences, such as unrealized revenue, data loss, a loss of customer goodwill, damage to reputation, and/or even civil or criminal penalties. Likewise, unauthorized access to property, whether physical property or intellectual property, can result in similar adverse consequences, including the loss of the property itself. As a result, many systems have developed over the years for controlling access to resources. An automated teller machine, for example, often requires simultaneous possession of a bank card and a personal identification number (PIN). Various websites and other services provided over the Internet and other networks often require users to enter passwords before certain types of access are granted. Even access to real property often requires proof of possession of some type of credential (e.g., PIN, password, and/or possession of an access card) before access is granted.
In many contexts, it is difficult to find a balance between security and usability. In the case of passwords, for example, users often select passwords to be easy to remember. Typically, this means that passwords contain some type of semantic meaning to their holders. Similarly, PINs often are of a small number of digits (e.g., 4) and also often picked to have some sort of semantic meaning. Therefore, the size of a password space and/or the number of passwords that users actually use is relatively small, making certain types of security attacks (e.g., automated password guessing) more likely to succeed.