User authentication, as may be used in a variety of security contexts, generally relies on one or more of three authentication factors: knowledge (e.g., knowledge unique to the user); inherence (e.g., a unique and inherent characteristic of the user) and possession (e.g., a unique item in the user's possession). Passwords are a typical example of a knowledge authentication factor, as they represent information that is expected only to be known to the user. Knowledge factors generally include substantial limitations. For example, the security of a password is directly dependent on its complexity, and as complexity is increased, a user is less likely to correctly recall the password.
Inherence factors, such as biometric information, can at least partially correct these features, since biometric information can be inherently complex and does not require the user to recall the information. However, the hardware required to implement inherence factors can often be prohibitively expensive, and the variety of different standards and implementations make widespread adoption problematic.
Possession-based authentication generally relies on a unique object in the possession of a user, such as a smart card, RFID chip, or cryptographic key fob. These objects may also be referred to in various forms as security tokens, authentication tokens, hardware tokens or cryptographic tokens. Often, security tokens are associated with similar drawbacks to the use of biometrics, in that the tokens or hardware required to use the tokens may be prohibitively expensive and adhere to a number of different standards and implementations. In addition, unlike biometric authentication factors, security tokens may be lost by users.