1. Field of the Invention
The present invention relates to security of an information service.
2. Description of the Related Art
In information services such as SNSs (Social Networking Services) or portal sites provided via communication networks, users are authenticated based on user IDs and passwords. Further, when a user forgets the password, the user can reset it through “account recovery”. As a supplementary authentication method for account recovery or the like, a secret question and a corresponding answer are registered in advance and the user is authenticated based on the registered secret question and answer (for example, see Japanese Laid-open Patent Publication No. 2008-090547 (particularly, claim 11)); alternatively, the user may be authenticated by answering with the name corresponding to a displayed facial image of a registered friend of the SNS.
In the conventional technology, however, when the user forgets the correct information, i.e., the correct answer to the secret question or the name corresponding to the facial image, authentication cannot be performed. In addition, if the information on the correct answers leaks to the outside, the reliability of authentication is damaged.
Leakage of information is not the only way the reliability of authentication can be damaged. Supplementary authentication for account recovery uses personal attribute values such as birthday and postal code. As inter-user communication through services such as SNSs widens, personal attribute values are likely to become easily known to third parties. Hence, when personal attribute values are used in account recovery, problems such as impersonation can arise and security may be compromised.