COMPROMISED PASSWORD DETECTION BASED ON ABUSE AND ATTEMPTED ABUSE
First Claim
1. A computer-implemented method for improving account security based on identified suspicious patterns of activity, the method comprising:
- obtaining a plurality of failed login records, each of the failed login records having a set of password data that is associated with at least one of a plurality of failed login attempts, wherein the plurality of failed login attempts is associated with at least one account identifier;
identifying a suspicious pattern of activity that corresponds to at least a portion of the failed login records, the suspicious pattern of activity being identified based at least in part on a recognition of a common set of password data that is in each of the at least a portion of the failed login records; and
storing a copy of the common set of password data as a bad set of password data into a password history log, the password history log being configured to store a plurality of bad sets of password data that are not to be associated with the at least one account identifier.
5 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are disclosed for analyzing a plurality of failed login records that correspond to failed login attempts detected by a computing system, to identify suspicious patterns of activity that can facilitate the supplementation of password blacklists for improving account security. To accomplish the foregoing, failed login records that include information associated with failed login attempts are obtained for analysis. The failed login records are analyzed to identify a set of failed login records that show initial characteristics of a suspicious pattern of activity. The information included in the set of failed login records are further analyzed to determine whether a suspicious pattern of activity is actually present. When a suspicious pattern of activity is identified in the set of failed login records, the passwords used in the failed login attempts are stored in password blacklists associated with the account identifier(s) with which the passwords were used.
-
Citations
20 Claims
-
1. A computer-implemented method for improving account security based on identified suspicious patterns of activity, the method comprising:
-
obtaining a plurality of failed login records, each of the failed login records having a set of password data that is associated with at least one of a plurality of failed login attempts, wherein the plurality of failed login attempts is associated with at least one account identifier; identifying a suspicious pattern of activity that corresponds to at least a portion of the failed login records, the suspicious pattern of activity being identified based at least in part on a recognition of a common set of password data that is in each of the at least a portion of the failed login records; and storing a copy of the common set of password data as a bad set of password data into a password history log, the password history log being configured to store a plurality of bad sets of password data that are not to be associated with the at least one account identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A non-transitory computer storage medium storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to perform operations comprising:
-
obtaining a plurality of failed login records, each of the failed login records having a set of password data and failed login data that are both associated with at least one of a plurality of failed login attempts, wherein the plurality of failed login attempts is associated with at least one account identifier; identifying a suspicious pattern of activity that corresponds to at least a portion of the failed login records, the suspicious pattern of activity being identified based at least in part on a recognition of a common piece of failed login data that is in each of the at least a portion of the failed login records; and storing a copy of the set of password data from each of the at least a portion of the failed login records as at least one bad set of password data into a password history log, the password history log being configured to store a plurality of bad sets of password data that are not to be associated with the at least one account identifier. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A computerized system comprising:
-
one or more processors; and one or more computer storage media storing computer-usable instructions that, when used by the one or more processors, cause the one or more processors to; obtain a plurality of failed login records, each of the failed login records having a set of password data that is associated with at least one of a plurality of failed login attempts, wherein the plurality of failed login attempts is associated with at least one account identifier; identify a suspicious pattern of activity that corresponds to at least a portion of the failed login records, the suspicious pattern of activity being identified based at least in part on a pattern recognition method that includes one of; a common set of password data being in each of the at least a portion of the failed login records, or a common piece of failed login data that is in each of the at least a portion of the failed login records; and based on the pattern recognition method, store into a password history log, as at least one bad set of password data, one of; a copy of the common set of password data, or a copy of the set of password data from each of the at least a portion of the failed login records having the common piece of failed login data, the password history log being configured to store a plurality of bad sets of password data that are not to be associated with the at least one account identifier. - View Dependent Claims (17, 18, 19, 20)
-
Specification