In order to control access to computer-based resources, identification and authentication steps are often undertaken to help ensure that a particular access is appropriate. These steps are often embodied in a login name and password paradigm. A potential user is generally required to provide a legitimate login name in a dedicated login name field, followed by the entry of a password associated with the user and known to the resource being accessed. Of course, the resource being accessed may simply be the user's own computing device, with login restrictions applied to forestall unauthorized use.
The login name and password entry process is perhaps even more desirable in controlling remote access to resources. Because of the ubiquitous nature of Internet access, employees often find themselves working from remote locations where access to corporate, network-based resources is essential to productivity. Connection to an enterprise network is often obtained using a VPN, or Virtual Private Network, over which communications may be encrypted to enhance security. Naturally, in a VPN setting, or in using any of a number of remote access implementations, identification and authentication of the potential user is desirable in order to maintain the security of remote access.
Since a user attempting remote access may be in a public place, such as an airport, a coffee shop, a public library, etc., consideration should be given to the threat of theft of login credentials by stealth. Many logon screens currently implement a protective mode in which the user's login name is replaced by non-alphanumeric characters (such as asterisks, for example), immediately after the user types his user name and exits the login name field. Further protection is often extended to the password field, where characters entered by the user are not displayed at all, but are instead replaced by a non-alphanumeric character at the time of character entry. For additional protection in the password field, an arbitrary or random number of non-alphanumeric characters are sometimes displayed in response to any character entered by the user, in order to help conceal the actual password length from an unwanted observer. Of course, if a user should inadvertently attempt to enter a password in a non-password field, the precautions noted above may not be available as an aid in safeguarding password security.