Password-based user authentication systems place total trust on the authentication server where clear text passwords or easily derived password verification data are stored in a central database. This system provides heterogeneous authentication services and single sign on in a network environment. In addition, the system hides the heterogeneity. Compromise of authentication server by either outsiders or insiders subjects all user passwords to exposure and may have serious legal and financial repercussions to an organization. Recently, several multilevel password systems were proposed to circumvent the single point of vulnerability inherent in the single-server architecture.