Social authentication for account recovery
First Claim
1. One or more computer-readable storage devices storing computer-executable instructions that, when executed, configure one or more devices associated with a service to perform operations comprising:
- receiving, by the one or more devices associated with the service, a request from at least one trustee of a plurality of trustees for a respective account recovery code, the respective account recovery code for use by an account holder in conjunction with other account recovery codes sent to other trustees of the plurality of trustees during an account recovery process to recover access to an account of the account holder with the service, the plurality of trustees being designated by the account holder as trustees for the account recovery process, the account having initial access information for accessing the account and the account recovery process not recovering the initial access information;
transmitting a query to the at least one trustee, the query related to a manner in which the account holder requested the at least one trustee obtain the respective account recovery code;
receiving a response to the query from the at least one trustee;
sending, by the one or more devices associated with the service, a warning message to the at least one trustee to enhance security based at least in part on at least one answer provided in response to the query, wherein the warning message is configured to provide the at least one trustee with information to assist at least in part in determining whether or not to proceed with the acquisition of the respective account recovery code.
2 Assignments
0 Petitions
Accused Products
Abstract
A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account.
-
Citations
28 Claims
-
1. One or more computer-readable storage devices storing computer-executable instructions that, when executed, configure one or more devices associated with a service to perform operations comprising:
-
receiving, by the one or more devices associated with the service, a request from at least one trustee of a plurality of trustees for a respective account recovery code, the respective account recovery code for use by an account holder in conjunction with other account recovery codes sent to other trustees of the plurality of trustees during an account recovery process to recover access to an account of the account holder with the service, the plurality of trustees being designated by the account holder as trustees for the account recovery process, the account having initial access information for accessing the account and the account recovery process not recovering the initial access information; transmitting a query to the at least one trustee, the query related to a manner in which the account holder requested the at least one trustee obtain the respective account recovery code; receiving a response to the query from the at least one trustee; sending, by the one or more devices associated with the service, a warning message to the at least one trustee to enhance security based at least in part on at least one answer provided in response to the query, wherein the warning message is configured to provide the at least one trustee with information to assist at least in part in determining whether or not to proceed with the acquisition of the respective account recovery code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method, comprising:
-
under control of one or more processors of one or more devices associated with a first entity specifically configured with executable instructions, receiving, from an account holder of an account with the first entity, identification of a plurality of second entities as trustees for an account recovery process, the account having initial access information for accessing the account, the account recovery process for recovering access to the account; subsequent to the initiation of the account recovery process, transmitting, by the one or more devices associated with the first entity, a respective account recovery code to at least two of the plurality of second entities identified as trustees for the account, the respective account recovery codes being distinct from one another; receiving, from the account holder over a network, at least a predefined number of distinct account recovery codes of the account recovery codes, and verifying, by the one or more devices associated with the first entity, the account holder at least in part in response to the receiving of at least the predefined number of distinct account recovery codes of the account recovery codes from the account holder, the predefined number of the distinct account recovery codes being at least two, the account recovery process not recovering the initial access information. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. One or more computer-readable storage devices storing computer-executable instructions that, when executed, configure a computer to perform acts comprising:
-
receiving, from an account holder of an account with a remote service, identification of a plurality of entities as trustees for an account recovery process, the account having initial access information for accessing the account, the account recovery process for recovering access to the account with the remote service; subsequent to the initiation of the account recovery process, transmitting, by one or more devices associated with the remote service, a respective account recovery code to each of at least two of the plurality of entities identified as trustees for the account, the respective account recovery codes being distinct from one another; receiving, by the one or more devices associated with the remote service, at least a predefined number of distinct account recovery codes from the account holder over a network, and verifying, by the one or more devices associated with the remote service, the account holder at least in part in response to the receiving of at least the predefined number of distinct account recovery codes of the account recovery codes from the account holder, the predefined number of the distinct account recovery codes being at least two; based at least in part on the verifying the account holder, providing account recovery information to the account holder, the account recovery process not recovering the initial access information and the account recovery information being different from the initial access information. - View Dependent Claims (19, 20, 21)
-
-
22. A method comprising:
-
under control of one or more processors of one or more devices associated with a service specifically configured with executable instructions, receiving, by the one or more devices associated with the service, a request from at least one trustee of a plurality of trustees for a respective account recovery code, the respective account recovery code for use by an account holder in conjunction with other account recovery codes sent to other trustees of the plurality of trustees during an account recovery process to recover access to an account of the account holder with the service, the plurality of trustees being designated by the account holder as trustees for the account recovery process, the account having initial access information for accessing the account and the account recovery process not recovering the initial access information; transmitting a query to the at least one trustee, the query related to a manner in which the account holder requested the at least one trustee obtain the respective account recovery code; receiving a response to the query from the at least one trustee; and sending, by the one or more devices associated with the service, a warning message to the at least one trustee to enhance security based at least in part on at least one answer provided in the response to the query, wherein the warning message is configured to provide the at least one trustee with information to assist at least in part in determining whether or not to proceed with the acquisition of the respective account recovery code. - View Dependent Claims (23, 24, 25, 26, 27, 28)
-
Specification