As computing devices have become increasing commonplace, the amount of services that have become available to users over the Internet has increased. Oftentimes users set up accounts for such services, providing a user identifier (id) and password in order to access their accounts. Using accounts in this manner, however, is not without its problems. One such problem is that the user id and password is oftentimes a weak link in the authentication of user accounts because it is subject to various attacks such as brute force attacks, phishing, and so forth. If a malicious user were to gain access to a user's id and password, then the malicious user can oftentimes shut the legitimate user out by changing the user's password and any password recovery settings, preventing the legitimate user from using his or her own account.