Account hijacking counter-measures

Account hijacking counter-measures

A method for providing an additional layer of authentication prior to accessing a user's account even though the user's credentials have previously been verified. User accounts are often accessed via a sign-in page that verifies the user's credentials. Upon detecting a device accessin...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: CRADDOCK RICHARD S, VITALDEVARA KRISHNA C
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A method for providing an additional layer of authentication prior to accessing a user's account even though the user's credentials have previously been verified. User accounts are often accessed via a sign-in page that verifies the user's credentials. Upon detecting a device accessing the sign-in page, an identifier associated with the device is obtained. One such type of identifier is the IP address assigned to the device. Based on the identifier, it is determined whether the device is trusted or not. Even thought the user's credentials are verified via the sign-in page, if the device is not trusted, a second authentication page is presented to the user prior to proceeding to the account. The second authentication page presents at least one security question. The security question is based on information contained in the user's account (e.g., contact information, event information, electronic messages, etc.). The user is required to correctly answer the security question in order to access the account.