Web services are improving security measures by incorporating two-factor authentication methodologies into website access protocols. While some websites require only a single authentication factor, such as a knowledge-based authentication factor (e.g., username and password), an increasing number of websites require two-factor authentication and issue dedicated authentication devices, such as tokens, to registered users to comply with a second, physical, form of authentication (e.g., something that the user physically possesses). A token may use a One Time Password (OTP) generator to generate and display a unique code (e.g., an OTP) every predefined interval (e.g., 30 seconds). A registered user may be required to enter the displayed code after entering a username and a password to be provided with access to a website.
A particular device, such as a token, may only work with a particular issuing website. Consequently, users may accumulate increasing numbers of website-unique devices and may need to bear the burden of possessing, transporting, managing and using multiple devices, of varying types and protocols to access different websites. Alternatively, a software application may be installed on a mobile device (e.g., smart phone) for the mobile device to act as a token for a particular issuing website. A user may need to bear the burden of installing, managing, and/or operating different software applications on a mobile device to access different websites.
Also, a user may need to perform onerous tasks to generate and/or access a code and to manually transpose the code displayed by a mobile device and/or a token. Moreover, web services requiring two-factor authentication may incur the considerable expense and resources to procure, issue, and/or administer website-unique devices and/or software applications.