One challenge for individuals transacting on the World Wide Web is that separate credentials are typically needed (typically a unique user name and password) for each website that is visited. The use of separate credentials requires individuals to store a variety of usernames and passwords. All too often people write down passwords on a piece of paper or store them in a word processing document on their computer, which makes the passwords vulnerable to identity thieves. Several companies have attempted to develop solutions to this problem. For example, a company named LastPass allows a consumer to store all of his or her passwords in one place and then allows for an expedited login process using the LastPass application. One drawback with LastPass's default settings is that if someone breaches the consumer's local computer and LastPass account, they will be able to break into all of the accounts that are stored within the LastPass user's encrypted vault. A similar problem arises when an individual uses the same username and password across various websites. If one website is breached by a hacker, the hacker may be able to use the stolen credentials across a variety of other sites. As an example of the potential severity of what might occur, Zappos.com had as many as 24 million usernames and password combinations breached in early 2012 which could have led to many other websites being accessed under stolen username/password combinations. And more recently, attacks based on social engineering can be used to reset account passwords where only public information is leveraged to obtain account access. This type of attack led to one Apple user's entire group of devices being remotely wiped of all of his information.
Another problem with current solutions for registering with websites is the challenge that a user faces to quickly and easily complete the registration process. While tools like “auto fill” in website browsers alleviate some registration issues, they don't help if a computer is shared with other users or if some of the data that needs to be entered for registration purposes is confidential and/or sensitive. For example, in most cases a user would not want an auto filler tool storing their credit card number.
The problems associated with managing login credentials have been recognized by a U.S. government program called “The National Strategy for Trusted Identities in Cyberspace (NSTIC)” which strives to “improve upon the passwords currently used to log-in online.” The NSTIC report highlights that “a contributing factor is the unmanageable number of passwords people must remember to access their online accounts. Many people don't even try; they just re-use the same ones for all of their accounts, making it that much easier for identity thieves” (www.nist.gov/nstic/index.html). Additionally, prior art systems like OpenID allow a person to use one set of credentials to log onto other websites (e.g., Yahoo or Facebook). While this indicates that a user doesn't have to keep track of as many credentials, it still results in a situation where if someone breaches those credentials then they would have access to multiple accounts belonging to a user. The NSTIC goes on to state that the new identity systems should be “faster, more convenient, safer, private, and voluntary.” Accordingly, there is a need for a comprehensive identity system that allows easy and secure registration and access to websites while maintaining a high level of security.