Security data such as usernames, passwords, and PINs are commonly required for a user to access a number of computing resources including websites, financial accounts, shopping accounts, and other protected data. A user may access the protected resource or data using a smartphone, a personal digital assistant, a tablet computer, a laptop, a desktop computer, a kiosk, an ATM terminal, a point-of-sale terminal, or other electronic devices.
The entry of login credentials such as username, password, and PIN data are vulnerable to at least three types of known attack techniques. A covert key logging software residing in the computing device is capable of capturing, recording and reporting keystrokes entered by the user. In scenarios where the user uses a web browser to access a web resource or for authentication, the data communicated between the user device and the web server is also vulnerable to man-in-the-middle attacks. Another form of attach, commonly called cross-site request forgery, can exploit a user's authenticated identity at a website and cause an unauthorized action. These and other security risks may expose the user's protected resources and data to unauthorized access. Accordingly, a need arises for a solution to greatly minimize or eliminate such unauthorized access to confidential and protected data and resources.