Connected authentication device using mobile single sign on credentials

US10135805B2 · US · B2

Patent metadata
Publication number: US-10135805-B2
Application number: US-201314069310-A
Country: US
Kind code: B2
Filing date: Oct 31, 2013
Priority date: Oct 31, 2013
Publication date: Nov 20, 2018
Grant date: Nov 20, 2018

Abstract

Official abstract text for this publication.

Systems and methods for device-based authentication are disclosed. In some implementations, a device receives a Single Sign On PIN from a backend server. The device transmits, to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) to request a token for accessing a network resource via a computer different from the device. The token is associated with a user account. The device receives the token from the token server. The device stores the token at a local memory of the device.

First claim

Opening claim text (preview).

What is claimed is:

1. A device configured to enable access by a computer to a secure online resource, the device comprising: a processor; a network interface including a subscriber identity module (SIM) for connecting to a cellular network; and a memory storing executable instructions for causing the processor to: request, via the network interface and from a backend server, a Single Sign On PIN; receive, in response to the request, the Single Sign On PIN from the backend server; transmit, via the network interface and to a token server, the Single Sign On PIN and credentials of the SIM to request a token for accessing the secure online resource via the computer, the computer being different from the device, wherein the token is associated with a user account; receive, via the network interface and from the token server, the token; store the token at the device to enable the access by the computer to the secure online resource, wherein the device is unable to use the token to enable the device to access the secure online resource; receive from the computer, after the storing of the token, a request for transmission of the token to the computer responsive to a request from the computer for access to the secure online resource; responsive to the receiving of the request from the computer, verify, without manual authentication, that the computer is being accessed by a user associated with the user account based on the device being geographically proximate to the computer; and transmit the token to the computer upon the verification that the computer is being accessed by the user associated with the user account.

2. The device of claim 1, wherein the instructions for causing the processor to verify that the computer is being accessed by the user associated with the user account comprise instructions to: determine, based on a geographic location of the computer and a geographic location of the device, that a geographic distance between the computer and the device is less than a geographic distance threshold.

3. The device of claim 1, wherein the instructions for causing the processor to verify that the computer is being accessed by the user associated with the user account comprise instructions to: determine that the computer is coupled with the device via a short-range radio connection established by a short-range radio interface between the device and the computer.

4. The device of claim 3, wherein the memory further stores executable instructions for causing the processor to receive from the computer the request for transmission of the token and transmit the token to the computer via the short-range radio connection.

5. The device of claim 1, wherein the token is transmitted to the computer via the network interface and via a proxy server.

6. The device of claim 1, wherein the token for accessing the secure online resource comprises one or more of a username, a password, or a certificate.

7. The device of claim 1, wherein the instructions for causing the processor to store the token comprise instructions to store the token in a form such that the device itself cannot use the stored token to access the secure online resource.

8. The device of claim 1, wherein the instructions to verify that the computer is being accessed by a user associated with the user account cause the processor to transmit the token to the computer upon verification by the backend server that a local time for a geographic location of the computer is within a time limitation placed on when the device is allowed to be used to connect the computer to the secure online resource.

9. A method to enable access by a computer to a secure online resource, the method comprising: requesting, via a network interface of a device and from a backend server, a Single Sign On PIN; receiving, at the device, in response to the request, the Single Sign On PIN from the backend server; transmitting, via the network interface and to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) of the device to request a token for accessing the secure online resource via the computer, wherein the token is associated with a user account and the SIM is for connecting to a cellular network; receiving, via the network interface and from the token server, the token; and storing the token at the device to enable the access by the computer to the secure online resource; receiving from the computer, after the storing of the token, a request for transmission of the token to the computer responsive to a request from the computer for access to the secure online resource; responsive to the receiving of the request from the computer, verifying that the computer is being accessed by a user associated with the user account, wherein the verifying that the computer is being accessed by the user associated with the user account comprises verifying that a local time for a geographic location of the computer is within a time limitation placed on when the device is allowed to be used to connect the computer to the secure online resource; and transmitting the token to the computer upon the verification that the computer is being accessed by the user associated with the user account, wherein: the computer is different from the device, the verifying that the computer is being accessed by the user associated with the user account is further based on the device being geographically proximate to the computer and further comprises: determining, based on the geographic location of the computer and a geographic location of the device, that a geographic distance between the computer and the device is less than a geographic distance threshold, and the method further comprises setting the geographic distance threshold based on the geographic location of the device.

10. The method of claim 9, wherein the verifying that the computer is being accessed by the user associated with the user account further comprises: determining that the computer is coupled with the device via a short-range radio connection established by a short-range radio interface between the device and the computer.

11. The method of claim 10, further comprising receiving from the computer the request for transmission of the token and transmitting the token to the computer via the short-range radio connection.

12. The method of claim 9, wherein the token is transmitted to the computer via the network interface and via a proxy server.

13. The method of claim 9, wherein the verifying that the computer is being accessed by the user associated with the user account is performed without manual authentication at the device.

14. The method of claim 9, wherein the device is unable to use the token to enable the device to access the secure online resource.

15. A method to enable access by a computer to a secure online resource, the method comprising: requesting, via a network interface of a device and from a backend server, a Single Sign On PIN; receiving, at the device, in response to the request, the Single Sign On PIN from the backend server; transmitting, via the network interface and to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) of the device to request a token for accessing the secure online resource via the computer, wherein the token is associated with a user account and the SIM is for connecting to a cellular network; receiving, via the network interface and from the token server, the token; storing the token at the device to enable the access by the computer to the secure online resource; receive from the computer, aft
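
The release decision described in claims 2, 8 and 9 (distance below a threshold that is itself set from the device's location, and the computer's local time inside an allowed window) can be sketched as follows. This is an added illustration, not code from the patent or its assignee. The haversine distance, the site table, the threshold values, the allowed hours, the fixed UTC offset and all function names are assumptions made for the example.

```python
import math
from datetime import datetime, time, timedelta, timezone

EARTH_RADIUS_M = 6_371_000

def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

# Constructed policy (assumption): a known site gets a wider threshold,
# any other device location gets a tight default.
SITES = [{"center": (40.7128, -74.0060), "radius_m": 500, "threshold_m": 150}]
DEFAULT_THRESHOLD_M = 30
ALLOWED_LOCAL_HOURS = (time(7, 0), time(19, 0))  # start inclusive, end exclusive

def threshold_for(device_loc):
    """Set the distance threshold from the device's own location (claim 9)."""
    for site in SITES:
        if distance_m(device_loc, site["center"]) <= site["radius_m"]:
            return site["threshold_m"]
    return DEFAULT_THRESHOLD_M

def may_release_token(device_loc, computer_loc, computer_utc_offset_h, now_utc):
    """Return (decision, reason); fails closed when a location is missing."""
    if device_loc is None or computer_loc is None:
        return False, "location unavailable"
    # Claim 2: distance must be less than the threshold.
    if distance_m(device_loc, computer_loc) >= threshold_for(device_loc):
        return False, "not proximate"
    # Claims 8/9: evaluate the time limit in the computer's local time.
    tz = timezone(timedelta(hours=computer_utc_offset_h))
    local = now_utc.astimezone(tz).time()
    start, end = ALLOWED_LOCAL_HOURS
    if not (start <= local < end):
        return False, "outside time limitation"
    return True, "ok"
```
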

Classifications

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

  • Authentication

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234)

  • wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

  • providing single-sign-on or federations

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10135805B2 cover?
Systems and methods for device-based authentication are disclosed. In some implementations, a device receives a Single Sign On PIN from a backend server. The device transmits, to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) to request a token for accessing a network resource via a computer different from the device. The token is associated with a …
Who is the assignee on this patent?
Cellco Partnership Dba Verizon
What technology area does this patent fall under?
Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 20, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).