1. Technical Field
This invention relates to a user authentication system.
2. Related Art
In the past, well-known methods used to prevent fraudulent login to user accounts registered in a system included WAF (Web Application Firewalls), IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems), and so forth. Under these methods, successive attempts to log in to the same user accounts, or trends in terms of login attempts or accessing the system as a whole, were used to detect user terminal devices that made fraudulent login attempts, and access by said user terminal devices was blocked based on information such as IP addresses and the like
In addition, Patent Citation 1 describes a user authentication system provided with means for storing data such as images associated with the n-th character of a password for each user ID, and means for reading out data such as images associated with said n-th character and providing the data to a terminal device when the n-th character of the password is correctly entered into the terminal device. Accordingly, with regard to fraudulent activities referred to as phishing scams, in which users' passwords are hijacked using a fake password input screen that mimics a genuine password input screen, it is assumed that users can determine whether or not a password input screen is genuine during password input.