Conventional access control systems protect sensitive resources by performing authentication operations to determine whether users requesting access to the resources are authentic. In one example, a user may be required to provide a correct password before being granted access to a resource. In another example, the user may be asked to provide a recognized fingerprint to a fingerprint reader before being granted access to a resource. For these examples, a conventional access control system compares the provided user input to expected user input to determine whether to grant or deny the user access to the sensitive resource.