Improved cryptographic techniques are provided by which a device that performs private key operations (e.g., signatures and/or decryptions), and whose private key operations are protected by a password, is immunized against offline dictionary attacks in case of capture by forcing the device to confirm a password guess with a designated entity or party in order to perform a private key operation, and by which the initiating device may dynamically delegate the password-checking function (i.e., confirmation of the password guess) from the originally designated entity or party to another designated entity or party.