As an increasing number of applications and services are being made available over networks such as the Internet, an increasing number of content, application, and/or service providers are becoming responsible for ensuring the security and/or privacy of information associated with their customers. Oftentimes the customers must provide some type of credential, such as a username and password pair, in order to gain access to the information and/or services provided, as may be associated with a customer account. In order to prevent unauthorized entities from simply trying combinations of usernames and passwords until a successful combination is found, certain systems provide for a maximum number of attempts over a period of time before that account is “locked,” whereby no one can gain access using a username and password pair for that account for at least a period of time, which will hopefully discourage unauthorized entities from attempting to gain access, or will at least slow the unauthorized entities down to the point where other remedial actions can be taken.
A potential problem with locking out an account after a number of unsuccessful login attempts, however, is that a user might not be able to access an account even when the user has not intentionally done anything wrong. For example, if an application on a device of the user has an old password and continually tries to login to a service in order to obtain the latest messages or data, that application can cause the user account to be locked a majority of the time. If the user attempts to access information for that account, the user will generally be unsuccessful because the maximum number of unsuccessful login attempts have been attempted over a recent period of time, such that the user's login credentials in many cases will not even be analyzed by the service. Similarly, a party can organize an attack on various accounts where unsuccessful login requests are repeatedly submitted, effectively locking out users and making the service unavailable. Various other issues can arise from such a lockout approach as well.