Many services require users to complete an authentication process before allowing users to access, use, and/or modify user accounts. For example, an online service may require a user to demonstrate that he or she knows a “shared secret” (i.e., a “secret” known by both the user and the service). In some examples, the shared secret may be a password. In other examples, the shared secret may be information about the user, such as the user's birthplace, the maiden name of the user's mother, or the name of the user's first pet. In these examples, the service may authenticate an individual purporting to be the user if the individual demonstrates that he or she knows the shared secret.
Unfortunately, shared secrets may be ineffective if they are based on information (e.g., a birthplace) that is publically available (e.g., from public records or social media) or easily obtained by unauthorized users. Similarly, passwords may be difficult for a user to remember and/or may be stolen or guessed by unauthorized users using brute force. Accordingly, the instant disclosure identifies a need for improved systems and methods for authenticating users.