People are increasingly dependent on the Internet and in particular on the World Wide Web. For example, the Web is often used to access emails, conduct business, purchase goods and services, and for online banking, to name just a few things. Many of these activities involve interaction with a Web service via a Web site.
Web services often require proper user authentication to identify a user and establish secure channels with a client computer, such as a user's personal computer (PC). A Web site associated with this type of Web service is sometimes referred to as a secure site. Although many secure authentication schemes have been proposed, a password is still dominantly used in Web applications due to its convenience, and ease in use and deployment. In password-based user authentication, a user is required to input an account identification (often referred to as a user ID) and a password. A Secure Sockets Layer (SSL) connection may be used to secure communications during user authentication.
Paramount to a user ID-password authentication scheme is maintaining security. This includes safeguarding not only the login credentials, but also sensitive data transmissions and critical interactions.