Imagine one was required to create a web-based password management system (over SSL! :) with the following requirements:
- Individual users sign in to the system using their own unique pass phrase.
- This pass phrase should be enough to allow the user to use the system effectively (e.g. from a smartphone, etc.)--the point being that they should not have to keep a key file with them.