Passwords and user identification names (user names) are commonly used in network security systems intended to determine the authenticity of a user accessing a secure account, system, application, device, or the like. These network security systems are often vulnerable to assailants circumventing the system via repeated guesses of the account password of a user. This approach has prompted the use of lockout schemes which lock the user out of an account following a predetermined number of incorrect login attempts. In such a scheme, each incorrect login attempt may result in a strike being applied to the account and application of a predetermined number of strikes can result in the account being locked from access. For example, the network security system may allow the user to enter an incorrect password three times, after which any further failed attempts will result in the account access being locked. Upon locking access to the account a correct user name and password will no longer grant access to the account, at least until such time as it is reset by a system manager.
In certain network security systems, an input user name need not be an exact match with a user name within a user account directory to gain account access. This approach allows the user name to be ambiguous, meaning the input user name contains some quantity of letters, numbers and/or symbols in common with at least two user names in the user directory, but need not be an exact match with either user name. For example, the user may input the user name Robert, which matches the user names Robert Davis, Robert Smith, and Robert Harris. As the example shows, the use of an ambiguous user name can result in multiple user names that match a particular input user name. As a result of these multiple matches, implementation of a lockout scheme can take on greater complexity.