The specification relates to online user authentication.
A potential security concern for an online businesses or service is account hijacking, e.g., a fraudulent user gaining access to an account using the account owner's correct credentials (e.g. username and password). Systems have been developed to identify potentially fraudulent login attempts at the time of login and take further steps to authenticate the user, e.g., by requiring the user to complete a secondary user authentication challenge.
However, a problem is that current systems create false positives, which inconvenience account owners by subjecting the account owners to unnecessary secondary authentication challenges. Secondary authentication challenges that in some circumstances may be difficult to successfully complete regardless of whether a user is an account owner or a fraudulent user. More specifically, a problem is that current systems do not bypass secondary user authentication based at least in part on the detection of a whitelisting deviation from a user pattern.