To limit access to thieves of passwords, at initial registration with a
Web server, a user is given a password and user name, and a cookie
including a login key and machine ID is downloaded to the user. For
subsequent log ins, the user inputs the user name and password and if
they are correct, the server checks the cookie on the user computer to
determine whether the login key and machine ID matches the record stored
in the server before granting access. If access is successful a new login
key is sent in a new cookie to be used in the next subsequent login so
that the login key changes every login. If the cookie check is
unsuccessful, the server refuses access until a user validation process
has been completed.