An online service provider is an organization or individual that provides digital or physical goods or services to customers, for which at least a portion of the interaction between the provider and the customer is performed through a computer network. Customers of the online service provider typically interact with the service, which can also be an online store, via some form of user account. Each customer's previous interactions are typically stored in some data structures or databases associated with the customer or user account of the online service provider, or online store. To differentiate between customers, an account identifier is typically assigned to each account. This identifier can be a specific number, a customer name or address, or an email address.
Customers provide their account identifier in order to make transactions that are associated with their account. A security issue can arise if others know the identifier associated with a customer; a person other than the legitimate account user may attempt to fraudulently interact with the service as if they are an authorized user of the account. To authenticate the identity of a given customer, services typically employ a password system as a form of authentication, in which the customer presents a password with the account identifier to prove their identity as a legitimate customer. This is an example of single-factor authentication. In single factor authentication, if the primary authentication is compromised, for example, if customer's password is stolen, someone can use the authentication method to fraudulently access the account.