1. Field of Disclosure
The disclosure generally relates to the field of computer security, in particular to user authentication.
2. Description of the Related Art
Online services often require users to authenticate themselves before making services or information available to them. To satisfy the authentication requirement, a user typically provides the online service with confidential user information such as a password associated with the user's account. Such confidential user information often becomes lost (e.g., forgotten by the rightful user, stolen by an unauthorized user), making it necessary for the user to change the confidential user information.
Conventionally, when a user initiates the password reset process, the online service typically requests the user to provide secondary confidential user information, such as answers to challenging questions. Once such a request for secondary confidential user information is satisfied, the online service typically emails a temporary password to the user's personal email account registered at the online service. The user can then use the temporary password for authentication, and change the password accordingly. Most users use free or low cost email systems for their personal emails. The security of these email systems has been proven to be weak. For example, there have been numerous real-world instances of major online email service providers leaking customer email information to unauthorized hackers. Accordingly, there is a need for new techniques for resetting passwords for online services without using email.