A method executes at an authentication server. The method receives a request from a shared user device. The request seeks access to personal information that is associated with a user and stored at a resource server. The method receives access authentication information from a personal user device and creates an access token that grants access privileges to the personal information associated with the user. The method provides the access token to the shared user device. The method receives from the personal user device a command to revoke access privileges associated with the access token. When the method receives a validation request from the resource server, including the access token, the method determines that access privileges associated with the access token have been revoked. The method then notifies the resource server that the validation request failed, thereby preventing access to the personal information by the shared user device.