Many computer applications and systems require a user to enter a password in order to access the application or system. Typically the user must have an account for the system or application. In addition to the password, the account typically has a user identifier associated with the account. For example, electronic mail systems and financial systems typically require a user to enter a user identifier and password in order for the user to access their email account.
While protecting account access with passwords is useful in restricting access to accounts to authorized persons, problems remain with password-protected systems. A first problem is that users often forget their passwords. In order for an account to be secure, the user must choose or be assigned a password that is hard for an unauthorized user to guess. Unfortunately, a password that is hard to guess may also be a password that is hard for a user to remember.
A second problem is that a user's account may be hijacked; that is, an unauthorized user may obtain the authorized user's password (either by guessing or by otherwise learning the password), log in to the user's account, and change the password. The result is that the authorized user may no longer access their account because the new password is known only to the hijacker.
In addition to the problems created for a user when their account password is forgotten or hijacked, the owner or operator of the protected system incurs increased support costs, because the user must typically interact with support staff in order to regain access to their account. For example, support staff typically attempt to authenticate that the person seeking access to an account is the legitimate account holder, and not an imposter attempting to gain unauthorized access to an account. A common method of authentication is to ask the person seeking access questions such as “what is your city of birth” or “what is your mother's maiden name.” However, answers to these types of questions may be relatively easy to obtain, even easier than guessing the password in the first place. Thus, authentication methods typically in use in previous systems may impose significant support staff cost for relatively little security benefit.
In view of the above problems and issues, there is a need in the art for the present invention.