Technical Field
Embodiments disclosed herein are related to systems and methods for determining an authentication attempt threshold. In particular, systems and methods disclosed herein may determine an authentication attempt threshold based on a probability of successful authentication determined by a recentness of a successful authentication, a number of successful authentication attempts over a predetermined sequence, and a number of overall successful authentication attempts.
Related Art
Internet users typically have multiple accounts with multiple websites, each having specific credentials that are required for a user to authenticate to the website and access services and features provided by the website. The user is required to remember specific credentials for specific websites and, in some cases, multiple credentials for a single website. This means that a user may not always remember the credential required for a website, particularly if it is a website that they have not visited recently. However, to protect users from brute force attacks, many websites and other secure networked servers typically set limits on the number of site-specific authentication attempts allowed within a particular time period before a security action is taken. For example, a user trying to authenticate to a website to access their account will have a set number of authentication attempts before the website freezes the account, the user has to do a password reset, and/or the user may have to contact the website provider to unfreeze their account. In many conventional examples, the threshold is three (3) attempts. However, the threshold is arbitrary, and does not maximize usability and security. For some users that frequent a website, three attempts are probably unnecessary. For users that may visit the website very sporadically, three attempts may not be enough. Moreover, the users that frequent the website may have more invested in their account with the website and, thus, may have more to lose from an attacker gaining access to their account, a compromise that may cost the user and even the website provider more than it would for a sporadic or infrequent user.
Accordingly, there is a need for systems and methods that determine an authentication attempt threshold based on a probability of successful authentication. In particular, there is a need for systems and methods that determine the authentication threshold by analyzing a recentness of a successful authentication, a number of successful authentication attempts over a predetermined sequence, and a number of overall successful authentication attempts.
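One way to turn the three factors named above into a per-account attempt threshold, as an added illustration rather than the method claimed in this disclosure: the weights, the 30-day half-life, the 2-to-6 attempt range and the sample histories are all assumptions chosen for the example.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

@dataclass
class AuthHistory:
    last_success: Optional[datetime]  # most recent successful login, None if never
    recent_outcomes: List[bool]       # outcomes of the predetermined sequence (last N attempts)
    total_successes: int              # overall count of successful authentications

def success_probability(h: AuthHistory, now: datetime) -> float:
    """Estimate how likely the legitimate user is to authenticate successfully."""
    # Recentness: decays as time since the last success grows (assumed 30-day half-life).
    if h.last_success is None:
        recency = 0.0
    else:
        days = max(0.0, (now - h.last_success) / timedelta(days=1))
        recency = 0.5 ** (days / 30.0)
    # Success rate over the predetermined sequence, Laplace-smoothed so an empty
    # sequence yields 0.5 rather than dividing by zero.
    seq = (sum(h.recent_outcomes) + 1) / (len(h.recent_outcomes) + 2)
    # Overall familiarity with the credential saturates with lifetime successes.
    overall = 1.0 - math.exp(-h.total_successes / 20.0)
    return 0.4 * recency + 0.4 * seq + 0.2 * overall   # assumed weights

def attempt_threshold(h: AuthHistory, now: datetime,
                      min_attempts: int = 2, max_attempts: int = 6) -> int:
    """Map probability to an allowed-attempt count before the security action.

    A user who very likely remembers the credential (and has more to lose)
    gets fewer attempts; a sporadic user gets more, up to max_attempts.
    """
    p = success_probability(h, now)
    span = max_attempts - min_attempts
    return min(max_attempts, max(min_attempts, min_attempts + int(round((1.0 - p) * span))))

# Constructed sample histories (not real account data).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
FREQUENT_USER = AuthHistory(NOW - timedelta(days=1), [True] * 10, 500)
SPORADIC_USER = AuthHistory(NOW - timedelta(days=400), [False, False, True], 2)
NEW_USER = AuthHistory(None, [], 0)

if __name__ == "__main__":
    for name, h in [("frequent", FREQUENT_USER), ("sporadic", SPORADIC_USER), ("new", NEW_USER)]:
        print(f"{name}: p={success_probability(h, NOW):.3f} threshold={attempt_threshold(h, NOW)}")
```

With these inputs the frequent user is allowed 2 attempts while the sporadic and never-seen users are allowed 5, which is the usability/security trade-off the text describes.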
In the drawings, elements having the same designation have the same or similar functions.