Current access control mechanisms for a resource or a service using one factor authentication tend to have a vulnerability that, once the secret is known to an attacker (perhaps when entered through an un-trusted or bugged device), the attacker may be able to gain access to the service or resource with the complete privileges as that of the user.