While some websites enable users to freely navigate without requiring the users to log into the websites, more secure websites require user credentials for access. For example, an online banking website may require a user to input a username and password in order to access his or her bank account information. Generally, for these credential-based websites, there exists a need for secure techniques to store user credentials, enable the user credentials to be accessible from any location or device, and enable the entry of the user credentials without third-party interception.
Existing credential management solutions fail to satisfy all of these requirements. For example, even though a portable device-based password manager securely stores credentials on a single device, these password managers still require users to manually enter a master password in order to gain access to the password vault, retrieve the desired credentials from the vault, and then enter the credentials into a browser. Third-party interception of such portable device-based password manager may occur using a key-stroke logger, someone looking over the user's shoulder, or other situations.
As another example of a device-based password manager, a browser-based password vault may avoid key-stroke logger interception but is only useful for the particular device on which the browser-based password vault is stored.
A web-based password manager can generally be used on any device with a network connection and thus is more portable than a browser-based password vault, but the user must trust the remote password vault's security and still avoid key-stroke loggers on the computer they are using.
Accordingly, there is an opportunity to implement embodiments for retrieving user credentials for secure websites from a password vault on a different device. Additionally, there is an opportunity to implement embodiments for securely populating the retrieved user credentials in a browser application to enable access to the secure websites.