Data security is a major concern of organizations, and numerous solutions have been developed to provide cyber security for servers storing organization data and for applications used by the organization's employees, such as e-mail, file servers, etc.
Private users' data, on the other hand, is much less protected, since it is distributed over the cloud. The existing security is application-centric: the security of each operation the user performs in an online service depends on the security means of that specific service and has no bearing on other operations done by the user.
An example of an online service is a social network platform enabling users to communicate and share content with peers. Another example of an online service is a platform which a bank offers to customers to perform actions in their accounts (check balance, transfer money, etc.).
In the past, people could protect their private data by installing security software on their PCs. Today most people have more private data in online accounts than on their private PCs and mobile devices.
To use an online service, a user is typically required to create an account to which they or their device (computer, mobile phone, etc.) must log in every time they wish to access the service. To log into a service, the user is typically required to provide a user name and password, which they set up during account creation, as a means of authentication. Unfortunately, there are deficiencies in user name and password based authentication mechanisms. A hacker can learn a user's user name and password combination by various methods and abuse it to take over the account.
The conventional approach for protecting user accounts consists of every service provider tracking the characteristics of user logins and activities. When a suspicious login or activity is detected by the service provider, it can either warn the user by e-mail, require another step of authentication, or block the login or action attempt.
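
The per-service tracking described above, sketched as an added example that is not part of the original text: each service keeps its own history of a user's devices and countries and picks one of the three responses, with no knowledge of what another service has seen. The event fields, weights, thresholds and service names are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:  # constructed event shape (assumption, not from the text)
    user: str
    device: str
    country: str
    failed_before: int  # failed attempts directly preceding this login

class ServiceLoginMonitor:
    """One service provider's private view of its users' login history."""

    def __init__(self, name):
        self.name = name
        self.devices = defaultdict(set)    # user -> devices this service has seen
        self.countries = defaultdict(set)  # user -> countries this service has seen

    def assess(self, ev):
        first_login = not self.devices[ev.user]
        new_device = ev.device not in self.devices[ev.user]
        new_country = ev.country not in self.countries[ev.user]
        # Illustrative weights and thresholds (assumptions of this example).
        score = 0 if first_login else int(new_device) + 2 * int(new_country)
        if ev.failed_before >= 5:
            score += 2
        if score >= 4:
            return "block"       # block the login attempt
        if score >= 2:
            return "step_up"     # require another step of authentication
        # Low-risk logins extend this service's baseline for the user.
        self.devices[ev.user].add(ev.device)
        self.countries[ev.user].add(ev.country)
        return "warn_email" if score == 1 else "allow"

def run_demo():
    mail, bank = ServiceLoginMonitor("mail"), ServiceLoginMonitor("bank")
    events = [  # constructed sample logins
        (mail, Login("alice", "laptop", "US", 0)),
        (bank, Login("alice", "laptop", "US", 0)),
        (mail, Login("alice", "phone", "US", 0)),
        (mail, Login("alice", "unknown-pc", "BR", 6)),
        # The bank never saw the failed attempts or the block at the mail service.
        (bank, Login("alice", "unknown-pc", "BR", 0)),
    ]
    return [(svc.name, svc.assess(ev)) for svc, ev in events]

if __name__ == "__main__":
    for service, decision in run_demo():
        print(service, decision)
```

The last two events come from the same unfamiliar device and country, yet the mail service blocks while the bank only asks for a second step, because each service scores the login against its own history alone.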