This invention relates to social networking systems and in particular to determining real-world interactions between users of a social networking system and using the information for account recovery.
An online system, such as a website, that allows users to interact with the system typically creates an account for each user of the system. The user is required to provide authentication information, for example, a login and password, in order to gain access to the user account. Once the user logs into the account, the user can perform various actions supported by the online system, for example, sending messages to other users, uploading photos, deleting photos, changing profile information, and even making online purchases using the user account.
Hackers often try to gain unauthorized access to user accounts, for example, by stealing authentication information of the user. Once a hacker gets unauthorized access to the user's account, the hacker can use the account for any purpose including illegitimate purposes. For example, the hacker can get the email contacts of the user and send spam messages to the email contacts. The hacker can also include malicious attachments like viruses or uniform resource locator (URL) links with the email. Since the email messages are received by the contacts from the user's account, the message is unlikely to be blocked by a spam filter. Furthermore, the recipients are quite likely to open and read the message, possibly click on any URL links provided with the message, or open an attachment in the email. These links and attachments can be potentially harmful to the recipients. Therefore, a person who can get unauthorized access to a user account can perform illegitimate and harmful actions using the account.
Online systems therefore lock a user account if the user account is associated with suspicious activities. For example, if several login attempts are made to access the user account with incorrect passwords, the online system may lock the user account, assuming an unauthorized user may have attempted to gain access to the account. However, it is possible that the authorized user of the account may have forgotten the password and therefore made multiple attempts to get into the user's own account.
In any case, once the user is locked out of the user account, the user has to provide enhanced authentication to gain access to the user account. Typically, the user is required to call and talk to personnel associated with the online service to gain access to the account. The user may be required to provide different types of information verifying the user's authenticity and may even be required to send a copy of a photo ID. Some online services do not trust information provided by users over the phone and send a new password to the user's address by regular mail.
These procedures for gaining access to a locked account are slow since the user may have to wait several days before the user account is unlocked. Moreover, these procedures require the online service to maintain staff to handle these procedures, thereby increasing the maintenance costs of the online service. Even if the online service maintains a call center to handle these calls, the call center may not be open seven days a week, twenty-four hours a day, and human resources cannot scale as well as computing resources. If the user account gets locked on a weekend or during hours outside the business hours of the call center, the user may have to wait several hours or even days just to be able to talk to an operator to initiate the account recovery process.