The World Wide Web (commonly referred to as the Web) is a system of interlinked hypertext documents accessed via the Internet. With a Web browser, a user navigates between Web pages (also referred to as websites) using hyperlinks to access information including text, images, videos, and other multimedia.
Many websites require users to create accounts to access or exchange information via the websites. Once a user establishes an account, the user can log into the account to exchange information between the user's (e.g., client's) browser and a website's server(s) over the World Wide Web.
A typical Internet user has many different accounts on a multitude of websites of the World Wide Web. Conventional technology attempts to protect access to sensitive information exchanged through the World Wide Web by requiring simple password authentication, i.e., entry of a unique username and password. As a result, managing different usernames and passwords to access different websites has become a burden to Internet users. Internet users can manage this inconvenience in various ways, including writing sensitive information down on a piece of paper, clicking on a “Forgot Password” or similar link every time a log-in attempt fails, using one of many substandard conventional password management tools, or requesting that a new password be issued.
To log into a typical website from a browser, a user enters his username and password into textboxes on a login page and clicks on a “Log In” button or similar access feature. The browser inserts the username and password into a form object, encapsulates it into an HTTP POST request, and submits it to the website's server. The server authenticates the user, and then redirects the browser to a main page if the authentication is successful. If the user wants to log into other accounts associated with other websites, the user must enter a username and password associated with the other websites—thus, the user often becomes exasperated when he has to enter a username and password for each website he wants to access.
Conventional web browsers (e.g., Mozilla Firefox®) allow users to store various usernames and passwords to a local file when the users enter this information into a login form for the first time. For example, when a user returns to a website for which the browser previously stored a corresponding username and password, Firefox® automatically fills in the login form information (with the password masked by asterisks), allowing the user to log in with one click without reentering username or password information. While saving passwords in this way is one means of locally managing passwords, there are several drawbacks. First, the user is limited to exclusively using the same browser on the same computing device on which the password information was stored. If a user wants to run a different browser on the same computer or use a different computing device, saved password information is inaccessible.
Second, because passwords and related login information are stored locally on a user's computer in a weakly encrypted format, the passwords can be easily retrieved by an attacker. For example, if an attacker gains access to the user's computer, the attacker can easily view all of the stored passwords in plaintext by clicking the “Show Passwords” button in Firefox®. Although browsers like Firefox® allow users to lock locally stored passwords by using a master password, such functionality is not enabled by default. Most users are not savvy enough to realize the vulnerability of their username and password information and do not enable the browser password protection feature.
Moreover, conventional technology that relies on simple password authentication to protect sensitive information exchanged over the World Wide Web can be easily compromised. Third parties can easily intercept data transferred between a client's browser and a server over the World Wide Web because a web user is typically connected and/or routed to a web server through many different computers. Although secure sockets layer (SSL) protocol technology can be used to counteract such security threats, attackers can further acquire username and password information by a process known as phishing. Phishing involves sending an email to a large list of people, telling them that they need to log into a particular site for one reason or another. The attacker(s) include a hyperlink in the email that directs a user to a site that looks identical to the real site, but is hosted by the attacker(s). When the user enters his username and password into the fake site, the information is handed over to the attacker(s).
It is therefore desirable to have systems and methods for securely managing Internet user passwords while facilitating a more enjoyable Internet user experience.