Conventional electronic accounts may be accessed using a computer by submitting a username and password combination. A typical username may comprise some or all of a person's email address, or a combination of letters based on the person's first and last name. As a result, an individual's user name for a particular service may be widely known or easily guessed.
One method for attacking an electronic account is through a brute force attack, where an attacker tries username and password combinations over and over until gaining access to the account. When an individual's username is openly known or easily guessed, their associated electronic accounts are particularly susceptible to brute force attacks. A conventional response to a brute force attack is to disable an account. While disabling the account may thwart the attacker, it can also impede the account owner from properly accessing their own account.
Thus there is a need for new methods to protect electronic accounts.