Today, users are conducting online transactions at an ever increasing rate. In light of this phenomenon, it is not uncommon for a user to have anywhere from twenty to eighty, or more, separate online accounts. Examples of such accounts may include, email, news, social networking sites, online banking, music, movies, games, online auctions, shopping, and more. Typically, a user must possess a separate ID and password to access each of these accounts.
One ongoing dilemma concerning passwords, is that as computer processing capabilities increase, passwords must become longer and more complex to be considered “secure.” The problem is that, it is difficult for users to remember more than just a handful of different passwords at a time. As a result, users often “recycle” their passwords (often containing names of relatives or pets, birthdates, etc.—making them even less secure. If a password is too complex, users will often write it down next to their computers to serve as reminders. However anyone walking by could easily obtain the password and use it to gain unauthorized access to the user's system. If one password is obtained or intercepted, it is likely that it can also be successfully used to gain access to several of the user's other accounts (if a similar password is used). Even if a user manages to remember their passwords and to keep them physically secure, it is still possible to easily intercept and read passwords when sent in the clear over a non-secure network. For example, many users' are unaware of implications of sending clear-text passwords over open wifi networks—despite their growing popularity.
Another problem of an even larger scope is that of “centralized” password storage and encryption. In most cases, a central database will encrypt passwords once received using the same key. If the system is successfully hacked, hundreds—if not thousands—of user accounts with sensitive information such as SSNs, credit card numbers, etc. can be compromised. Such authorities therefore spend inordinate amounts to ensure their central databases are secure and to maintain their reputations.
There remains a need to securely manage multiple user passwords without increasing complexity for the user. There is also a need to bring “best practices” for information security used by large organizations to the user level. In addition, a need exists to facilitate user control over credentials and other personal information.