Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Within a network environment, passwords are a common security technique implemented to authorize a user to gain access to his/her accounts. However, passwords alone may not be sufficient. Breaches are occurring more frequently, exposing a multitude of passwords. Even repositories of encrypted passwords may be exposed relatively quickly by employing brute force algorithms and graphic processing units (GPUs). In addition, users may be unable to remember a large number of unique passwords. As a result, every breach may also have a few passwords shared with other important accounts that may expose sensitive information, such as corporate, financial, and medical data. Personal data is increasingly available and more accounts may be interconnected due to the cloud infrastructure, further easing the ability for a hacker to obtain access to information.
In response to the growing password security concerns, the cloud management community has implemented intrusion detection systems (IDSs). An IDS may use collateral data about a connection to evaluate an appropriate security level. For example, if all previous online banking sessions have occurred in Seattle and a session then occurs in Albania in which all money is transferred to Moscow, the system may evaluate the action as suspicious and implement further security, even if the password is correct. An IDS is based on concepts of different channels of verification, where each channel is a separate source of information about a user. One channel may be a password and another channel may be an asserted identity, for example. Each channel alone may be insufficient to evaluate a likelihood that a user is unauthorized, but together each channel may improve the probability of accurately determining the credibility of the user.