A service, such as an e-mail account, banking service, social network, or remote work computer access, may contain sensitive data that a user does not want disseminated to the general public. Thus, a service may use password protection to restrict access to only authorized users who can authenticate a right of access to a user session. A login interface may query the user for a password having a series of characters, such as letters, numbers, and signs. An authentication service may deny access to the user if the characters are in an improper order, if the letters are in the wrong case, or if the password fails to match the stored password in any way.
The authentication service may give the user a set number of tries at providing the password before that user is blocked from further attempts to access the computing device or service. The user may then contact an administrator to access the service, after providing some proof of identification. Such proof of identification may be a government identification or a pre-registered set of questions that presumably only the user can answer. Alternately, if the user fails to provide the proper password, a computing device or service may erase data.
A malicious actor may seek to hijack a user's account by co-opting the user's password. Once the malicious actor has taken control of the account, that malicious actor may change the password, steal user data, harass the user's contacts, perform criminal acts, spy on the user's actions, or take control of the user's account.