The specification relates to online user authentication. In particular, the specification relates to generating user authentication challenges, specifically, generating a user authentication challenge based at least in part on one or more preferences of an account owner's contacts in response to detecting a potentially fraudulent authentication attempt.
Websites provide the capability for users to login to view their personal information, or other information that the user wants to keep private, or even access the functionality provided by the website. An added level of security is established by generating a challenge to the user attempting to login. Generally, the challenge is the generation of a secret question or the generation of a Completely Automated Public Turing test to tell Computer and Humans Apart (CAPTCHA) to guard against possible fraudulent login attempts, and login by bots and other automated devices; although, other methods exist. One other method utilizes the user's own preferences in an authentication challenge.