Most computer accounts, such as online email accounts, and/or other computer user accounts, are protected by a user identifier (ID) and a password. It can be difficult to determine whether the user ID and/or password have been compromised, and the account accessed by an unauthorized user. For example, a hacker may steal, guess, or use trial and error to obtain the valid ID and password. Some accounts may use a standard format for the user ID and/or password, which makes it easier for a hacker to determine the valid user ID and/or password. In other cases, a password may be viewed by a keylogger program, a network trace, or discovered by a co-worker, a family acquaintance, or another person associated with the account owner. This other person may then gain unauthorized access to the account. Because the unauthorized access occurs with the valid user ID and password, the unauthorized access may remain undetected by an online service and by the account owner. Authorization service providers generally do not provide account owners with data or services that may enable the account owners to detect an unauthorized access.