Computer crimes, unwanted communications, compromised data, and malware have continuously increased as networked communications continue to grow at tremendous rates. With the growth of communication networks such as the Internet, the increasing amount of data interchange, and the recent growth of cloud computing, the vulnerability of computers and servers through networked communication has become an increasingly significant issue. Services that control access to systems and data stored thereon must avoid allowing access to hackers and other unauthorized users, while allowing legitimate users to access the services. A login service is typically used to control access to a wide variety of information systems.
The username and password-based login process are among the more common types of login services. When using this process, a user typically presents a username and a representation of a secret password to provide evidence that they are the authorized owner of an identity associated with the username. An attacker may attempt to gain unauthorized access by guessing the username and/or secret password. The login service may attempt to prevent such attacks by slowing down the rate at which guesses can be made, such as by making login attempts computationally expensive, limiting the number of attempts that can be made, or employing a challenge-response system (e.g., CAPTCHA) to require human intervention for an attempt. These techniques may unnecessarily impact legitimate users of the system.