Many websites, services, and applications require users to register a password with the website/service/application as a security measure for user authentication. For example, users register passwords with email providers, banks, online markets, credit card companies, computer systems, social networks, and the like. To minimize the number of passwords that a user has to maintain, users often choose to re-use the same password for multiple accounts on different websites, applications, and services. However, if a malicious individual gains knowledge of the password for one of the user's accounts, then several of the user's accounts may be compromised. Furthermore, users may register weak passwords, such as passwords based on a special date, a name, a specific sequence of numbers, a mnemonic device, a key phrase, and the like. In this case, malicious individuals may determine a user's password by various brute force methods.
The user may take steps to protect against such an event, such as creating complex passwords, registering different passwords for each account, using password managers, and so forth. Each of these methods has downsides, which can create difficulties for the user or vulnerabilities in the user's account security. While complex passwords may be difficult for malicious individuals to determine, users themselves may have difficulty remembering such passwords. A user may register different complex passwords for different accounts, but this compounds the difficulty of remembering all of the passwords, and remembering which account each to which each password corresponds. Password managers can store all of a user's passwords, but storing passwords comes with the risk that malicious individuals may hack into the password manager and obtain all of the user's passwords.