Computing device users may use accounts to access various computing resources, such as web services, television, movies, games, music, applications, and so forth. Authentication of users to prove the users “are who they say they are”, differentiate between users, and provide selective access to computing resources is a persistent challenge faced by service providers. Traditionally, authentication techniques for a device involve sign-in of users to accounts using shared secrets such as passwords and/or digital tokens (e.g. ticket granting tickets TGTs, encrypted blobs, cookies, or other sign-on credentials). Generally, a single user account at a time is activated on a particular device and privileges associated with the activated account (e.g., the “logged-on” account) control the resources that may be accessed. In a traditional approach, content restrictions, such as aged based restrictions for children established by parents or access/security restrictions established for employees by employers (e.g., a system administrator), are coupled to the logged-in account.
However, coupling of content restrictions to a logged-in account may not be ideal for multiple user scenarios, such as for families that prefer to share a single family account, viewing of movies or other media content by multiple parties at the same time, and/or in business collaboration sessions and/or meetings among parties having different access levels. For example, an under-aged user may have access to restricted content when using a parent's account or when watching television programming along with a parent. Likewise, protected content may be inadvertently shared with participants in a business collaboration that lack permission to view the protected content when content restrictions are coupled to the logged-in account. Thus, although account based authentication techniques may be effective, there are some drawbacks associated with existing techniques, particularly in relation to multiple user scenarios.