Many conventional online web services provide security to a user by requiring the user to provide a username and password before granting access to the user's account. This conventional security technique has many weaknesses. For example, if an unauthorized user acquires the authorized user's username and password, the unauthorized user can gain access to the authorized user's account without detection by posing as the authorized user. Further, once being granted access to the authorized user's account, the unauthorized user can interact with the online web service without being subject to any other security mechanism.
Other conventional online web services provide additional security by comparing activity on an authorized user's account to known fraudulent or unauthorized activity. For example, after verifying a user's logon information and granting a user access to a secure online account, certain conventional online web services may compare activity on the account to known bot activity or known fraudulent activity implemented by a human user. While providing some heightened security, these conventional security mechanisms also have multiple weaknesses leaving authorized users exposed to sophisticated hacking and fraudulent activity.
Accordingly, there is a need to protect a user's account on an online web service using improved security and authentication techniques.