This section provides background information related to the present disclosure which is not necessarily prior art.
With the development of the Internet, accounts may be stolen in many ways, for example, through the insertion of a Trojan horse or phishing. As a result, a large number of users are subject to various liabilities such as fraud and harassment after accounts are stolen.
To lower the probability that an account is stolen, in a conventional account login method, a server usually determines, according to a behavior model of a user, whether a login device of the user is a commonly used device. For example, if an account is logged into a device for several consecutive days, or normal operations (for example, reception and sending of information) take place each time when an account is logged into device, it is determined that the device is a commonly used device on which the account is logged into. If the server detects that the account is not logged into the commonly used device, a barrier is set up for a login of the account.
In the conventional account login method, although a barrier for a login of an account is set up, it cannot be determined whether a user that logs into the account is an account thief, and therefore, a login cannot be completely restricted. Moreover, it is also possible for an account thief to impersonate a normal user to bypass determination of a server. Therefore, security of the conventional account login method is not sufficiently secure.