A single sign-on (SSO) service provides a method of access control that enables a user to log in once and gain access to the resources of multiple systems and/or applications without being prompted to log in again. The initial log-in process typically includes a sign-on webpage that prompts the user for their credentials (e.g., username (user ID) and password). Upon entering the correct credentials, the user is authenticated and is taken to a home landing page. The landing page is either a default page set by the service or a page designated by the user during account registration. Once at the home landing page, the user may access additional services and/or applications associated with their user ID such as email accounts, an address book, Groups, messenger applications, calendars, and the like.
User accounts are subject to account hijacking through a variety of techniques. Some of the most common ways of illegally entering a user's account are by guessing the user's password (commonly referred to as a “brute force attack”), acquiring the user's password through social engineering (e.g., convincing technical support to provide a password reset to a different account), and acquiring the user's user ID and password through a computer infected with malware (e.g., a keylogger). If a user's credentials are obtained by an unauthorized third party, the third party can log in to the user's account and access all of the user's data contained in the account. The third party can copy the user's data, erase the user's data, and so on.