I. Technical Field
The present invention generally relates to the field of computerized systems. More particularly, the invention relates to computerized systems and methods for authenticating a user to access or utilize all or part of a computer system.
II. Background Information
To access an account at an Internet site, a user typically submits credentials to the Internet site, which are then authenticated. For example, the most commonly encountered credentials are username and password. The username may be an email address of the user or other alphanumeric identifier. The username, accordingly, may be known to others. By contrast, the password is kept secret by the user and may include a combination of alphanumeric characters.
As the Internet has proliferated as a means of conducting commerce, Internet fraud has also increased. The username and password combination is no longer sufficient to securely authenticate users of Internet sites. For example, through a fraud scheme called “phishing,” individuals fraudulently obtain username and password combinations from users who receive electronic messages purporting to originate from a legitimate Internet site. Some phishing techniques send mass electronic mail messages that represent themselves as coming from a trusted source (e.g., an Internet site from which the user has purchased goods or services). The messages either request a reply in which the user provides his or her username and password, or provide a link to a page on which the user is requested to confirm his or her username and password.
When a perpetrator of such a phishing technique collects a large number of username and password combinations, the amount of damage the perpetrator may cause is considerable. For example, the perpetrator might execute automated scripts to access a large number of user accounts. If an Internet site allows users to sell items to the public, the perpetrator may use the automated scripts to log into the user accounts, post listings of items with low prices, and collect money without any intention to ship the sold items. Alternatively, the perpetrator might access a user's account information, such as payment information (e.g., credit card information), and/or might make unauthorized purchases using stolen payment information or place orders with Internet sites.
As is evident from the foregoing, user account information may be guarded by only a username and password combination. Because the username and password are the sole line of defense for many accounts, a perpetrator who has obtained them has access to all aspects of the account. Recognizing that current systems and methods of user authentication do not sufficiently guard against fraud, some Internet sites have added additional authentication steps. For example, some Internet sites present security challenge questions in addition to authenticating a username and password. These security challenge questions might ask the user to submit, for example, his or her mother's maiden name, where the user was born, or a name of a first employer. These questions require the user to remember this information and enter it correctly (e.g., correct spelling, punctuation, etc.). Furthermore, although it requires more effort, perpetrators of fraud may also obtain this information from the user and/or other sources to circumvent the extra security measures.
As a result of the foregoing, traditional techniques require more user effort, result in a less user-friendly experience, and do not secure user account information. Accordingly, there is a need for improved systems and methods that secure user account information while preserving the user experience.