Computer-based resources (such as a retail merchant checkout system) that require a user to present identity verification information at a control point (such as point-of-sale POS) device in the retail merchant checkout system, an access control point in a building security system, or an unlock screen in a mobile phone), to verify the user's identity as part of determining whether the user is authorized to access one or more functions of the resource, are known. For example, a POS device requires a personal identification number (PIN) before determining whether a consumer corresponding to the PIN is authorized to access the payment-by-debit-card function of a retail merchant checkout system. In such applications, memory in communication with the control point at the time the function is requested maintains a database of authorized users and the required verification information corresponding to each user—for example, the passcode stored in a mobile phone (stored in the clear in the mobile phone or in a secure element of the mobile phone), or a fingerprint stored in central database of a building security system.