Single sign-on between multiple data centers
US-2015089614-A1 · Mar 26, 2015 · US
US9660972B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9660972-B1 |
| Application number | US-201213532753-A |
| Country | US |
| Kind code | B1 |
| Filing date | Jun 25, 2012 |
| Priority date | Jun 25, 2012 |
| Publication date | May 23, 2017 |
| Grant date | May 23, 2017 |
Official abstract text for this publication.
A credential, such as a password, for an entity is used to generate multiple keys. The generated keys are distributed to credential verification systems to enable the credential verification systems to perform authentication operations. The keys are generated such that access to a generated key allows for authentication with a proper subset of the credential verification systems. Thus, unauthorized access to information used by one authentication system does not, by itself, allow for successful authentication with other authentication systems.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for authentication, comprising: under the control of one or more computer systems configured with executable instructions, obtaining an electronic claim of access to a password, the claim comprising: a first component comprising first information based at least in part on an electronic signature, the electronic signature based at least in part on a first key and a time-dependent value, the first key derived based at least in part on the password; and a second component comprising second information based at least in part on a second key, the second key being at least: different from the first key; derived based at least in part on a derivation function utilizing the password and a second salt value as inputs, where the second salt value is stored by a computing resource service provider; and the second key being unavailable to the one or more computer systems until at least obtaining the electronic claim of access to the password; computing, based at least in part on the first key, a first reference component; computing, based at least in part on the second key from the electronic claim, a second reference component; and enabling access to at least one computing resource as a result of both the first reference component matching the first component and the second component matching the second reference component.

2. The computer-implemented method of claim 1, wherein: computing the second reference component further comprises computing a result of a derivation function utilizing the second salt value and the password; and enabling access to at least one computing resource further comprises comparing the second reference component with the stored second reference component accessed from memory of the one or more computer systems.

3. The computer-implemented method of claim 1, wherein the method further comprises: comparing the second reference component with the stored second reference component accessed from memory of the one or more computer systems; and updating automatically the stored second reference component multiple times over a time period.

4. The computer-implemented method of claim 3, wherein each update of at least a subset of the updates of the stored second reference component is based at least in part on information provided from a key distribution system, the information being based at least in part on the password and information specific to a key-use zone containing the one or more computer systems, where the information specific to the key-use zone results in a corresponding restriction of use of the first key or the second key to the at least one computing resource.

5. The non-transitory computer computer-implemented method of claim 1, wherein the time-dependent value further comprises current time information.

6. The non-transitory computer computer-implemented method of claim 1, wherein the second salt value is maintained by the computing resource service provider further comprises maintaining the second salt value in a record of a database associated with the password.

7. A computer-implemented method for authentication, comprising: under the control of one or more computer systems configured with executable instructions, obtaining information from a computing device attempting authentication; determining whether the obtained information is valid based at least in part on: first information accessed from data storage accessible to the one or more computer systems and based at least in part on a first key, the first key based at least in part on a derivation function including a first salt value and a password, where the password is provided by the computing device attempting authentication; and second information based at least in part on at least a second key different from the first key and a second salt value, where the second salt value is stored in the data storage accessible to the one or more computer systems, and the second key is unavailable to the one or more computer systems until at least obtaining the information from the computing device attempting authentication; wherein neither the first information nor the second information is alone sufficient for authentication; and taking one or more actions that are dependent on a determination that the obtained information is valid.

8. The computer-implemented method of claim 7, wherein the first information is based at least in part on a result of a cryptographic operation performed on the first salt value and the password.

9. The computer-implemented method of claim 8, wherein the cryptographic operation involves at least one of a hash function, hash-based message authentication code, an asymmetric signature, a symmetric signature or an encryption.

10. The computer-implemented method of claim 7, wherein: obtaining the information includes receiving the information in connection with an electronic request; and the obtained information includes information dependent on the electronic request and information independent from the request.

11. The computer-implemented method of claim 10, wherein the information independent from the request is a password-derived key or hash maintained by the one or more computer systems and the second information is based at least in part on a result of applying at least a hash function to the information independent from the request and obtained from memory of at least one of the one or more computer systems.

12. The computer-implemented method of claim 7, wherein: the first information further includes an electronic signature based at least in part on the first key and time information associated with the obtained information; the second key is derived based at least in part on the password and the second salt value, where the second salt value is obtained for a database maintained by the one or more computer systems; and the one or more computer systems lack access to the second key prior to receiving the obtained information.

13. The computer-implemented method of claim 12, wherein the first key and the second key are derived based at least in part on secret information.

14. The computer-implemented method of claim 7, wherein the second information comprises information that is valid for authentication by the one or more computer systems for a limited time.

15. The computer-implemented method of claim 7, wherein: determining whether the obtained information is valid comprises: computing, based at least in part on the first information, an electronic signature; computing, based at least in part on the second information, a hash value; and determining whether the computed electronic signature matches a provided electronic signature of the obtained information and whether the computed hash value matches hash information in data storage accessible to the one or more computer systems.

16. The computer-implemented method of claim 15, wherein: computing the electronic signature is further based at least in part on a time-dependent parameter; and determining that the obtained information is valid requires the obtained information to have been generated in accordance with the time-dependent parameter.

17. A computer system, comprising: one or more processors; and memory including instructions that, when executed by the one or more processors, cause the computer system to at least: obtain information from computing devices attempting authentication; for each party of a plurality of parties, access information specific to the party from a data store to determine whe
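The abstract and claims 1, 3, 4 and 7 describe a two-component password claim checked per key-use zone: a signature over a time-dependent value under a first password-derived key, plus a second password-derived key that the verifier holds only as a hash until the claim arrives, so a dump of one zone's verifier store yields neither the second key nor anything usable against another zone. The following is an added illustration written for this page, not the patent's or any product's own code; the class and function names, the use of PBKDF2 and HMAC-SHA-256 as the derivation function and signature, the hourly rotation of the second key, the 30-second acceptance window and the sample password are all assumptions.

```python
"""Added example (not the patent's own code): two-component, per-zone password claims.
Hypothetical names throughout; PBKDF2/HMAC-SHA-256 and the periods below are assumptions."""
import hashlib
import hmac
import os
import time

ITERATIONS = 50_000      # PBKDF2 work factor, kept low so the example runs quickly
CLAIM_WINDOW = 30        # seconds a claim's time-dependent value is accepted (assumed)
ROTATION = 3600          # seconds per second-key epoch (assumed; claim 3 only says "multiple times")


def derive_key(password: bytes, salt: bytes) -> bytes:
    """Password-based derivation function; distinct salts yield unrelated keys."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=32)


def epoch(now: float) -> bytes:
    return int(now // ROTATION).to_bytes(8, "big")


def second_key(password: bytes, zone: str, salt2: bytes, now: float) -> bytes:
    # Bound to the zone (claim 4) and to the current epoch, so it is valid for a limited time (claim 14)
    return derive_key(password, salt2 + zone.encode() + epoch(now))


class KeyDistributionSystem:
    """Knows the password; provisions each zone with only that zone's material."""

    def __init__(self, password: bytes):
        self._password = password
        self.salts = {}   # zone -> (salt1, salt2); salts are stored by the provider, not secret

    def provision(self, zone: str, now: float) -> dict:
        salt1, salt2 = self.salts.setdefault(zone, (os.urandom(16), os.urandom(16)))
        k1 = derive_key(self._password, salt1 + zone.encode())
        k2 = second_key(self._password, zone, salt2, now)
        # The zone receives k1 (to recompute signatures) and only sha256(k2): the second key
        # itself is unavailable to the verifier until a claim carries it (claim 1, claim 12).
        return {"k1": k1, "salt1": salt1, "salt2": salt2, "k2_hash": hashlib.sha256(k2).digest()}


class ZoneVerifier:
    def __init__(self, zone: str, record: dict):
        self.zone, self.record = zone, record

    def refresh(self, record: dict) -> None:
        self.record = record   # the distribution system pushes a new k2_hash each epoch (claim 3)

    def verify(self, claim: dict, now: float) -> bool:
        if abs(now - claim["t"]) > CLAIM_WINDOW:   # time-dependent parameter (claims 5, 16)
            return False
        msg = self.zone.encode() + str(claim["t"]).encode()
        ref1 = hmac.new(self.record["k1"], msg, hashlib.sha256).digest()
        ref2 = hashlib.sha256(claim["k2"]).digest()          # hash the presented key (claims 11, 15)
        ok1 = hmac.compare_digest(ref1, claim["sig"])
        ok2 = hmac.compare_digest(ref2, self.record["k2_hash"])
        return ok1 and ok2   # neither component alone is sufficient (claim 7)


def make_claim(password: bytes, zone: str, salt1: bytes, salt2: bytes, now: float) -> dict:
    """Client side: derive both zone-specific keys from the password and build the claim."""
    k1 = derive_key(password, salt1 + zone.encode())
    t = int(now)
    sig = hmac.new(k1, zone.encode() + str(t).encode(), hashlib.sha256).digest()
    # k2 is sent in the clear inside the claim, so the transport must be protected (assumed TLS).
    return {"t": t, "sig": sig, "k2": second_key(password, zone, salt2, now)}


def forge_from_leaked_store(record: dict, zone: str, now: float) -> dict:
    """Attacker who dumped one zone's verifier database: holds k1 and sha256(k2), not k2."""
    t = int(now)
    sig = hmac.new(record["k1"], zone.encode() + str(t).encode(), hashlib.sha256).digest()
    return {"t": t, "sig": sig, "k2": record["k2_hash"]}   # the hash is the best available guess


def demo() -> dict:
    password = b"correct horse battery staple"   # constructed sample credential
    now = time.time()
    kds = KeyDistributionSystem(password)
    zones = {z: ZoneVerifier(z, kds.provision(z, now)) for z in ("us-east", "eu-west")}
    s1, s2 = kds.salts["us-east"]
    claim_east = make_claim(password, "us-east", s1, s2, now)
    forged = forge_from_leaked_store(zones["us-east"].record, "us-east", now)
    return {
        "legit_east": zones["us-east"].verify(claim_east, now),
        "replay_east_at_west": zones["eu-west"].verify(claim_east, now),
        "forged_from_east_dump": zones["us-east"].verify(forged, now),
        "stale": zones["us-east"].verify(claim_east, now + CLAIM_WINDOW + 1),
    }


if __name__ == "__main__":
    print(demo())
```

Only `legit_east` comes back true: the signature component alone (reproducible from the leaked `k1`) fails the second check because the store holds a hash rather than the key, and a claim captured in one zone fails in the other because both keys were salted with the zone name.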
CPC classification titles:
to a system of files or objects, e.g. local or distributed file system or database
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)
Structures or tools for the administration of authentication
User authentication
involving passwords or one-time passwords (network architectures or network communication protocols for using one-time keys in a packet data network H04L63/067)