Service providers may provide applications that enable their users to access information or request actions regarding user accounts. Such applications may include authentication features to ensure that a user is authorized to access information or request actions through the application. Traditional methods for authenticating a user may be insecure given the strong incentive for malicious individuals to attempt unauthorized access to accounts, in an effort to view confidential information, access financial data, request unauthorized funds transfers, or perform other actions.