The present invention relates to a system and method for authentication of user credentials utilizing a combination of both alphanumeric and graphical password generation and retrieval techniques which includes generating a map with a plurality of symbols populated on the map, wherein the symbols include a plurality of targets and distractors which are associated with alphanumeric characters and wherein a user can utilize the symbols on the map in a particular custom path on the map so as to aid in the generation and future recollection of a selected complex alphanumeric password.

Selecting a persona for a Decentralized Identifier (DID) and associated DID document based on a trust score. A request for data or services associated with an owner of various decentralized identifiers (DID) is received. Each of the plurality of DIDs may have an associated DID document. The associated DID document for each of the DIDs defines a persona based on an amount of identifying information included in the DID document. Based on the received request, a trust score is assigned to an entity that generated the received request. The trust score is at least partially based on the verifiability of an identity of the entity that generated the received request. Based on the trust score, the persona and the associated DID and DID document that should be used by the owner for interacting with the entity that generated the request is selected.

A secure method for resetting the password for an account is disclosed. During the setup of the account, the user can provide the service provider with a media file, and when the user asks the service provider to reset the password for the account, the user will be prompted with several media files. The user can be asked to identify the media file that the user provided to the service provider at the time of the setup of the account. If the user properly identifies the media file, the password will be reset.

A method for resolving ambiguity in computer data includes processing a record creation request transmitted from a computing device. The record creation request includes entity creation data and a login key. The login key includes a primary identifier and a password. The method also includes executing a matching algorithm with a selectable combination of the entity creation data at an entity database to identify a single entity record matching a selectable combination of the record creation request. The single entity record is linked to multiple different login keys. The method also includes updating one or more attributes of the single entity record with the entity creation data. Further, the method includes storing session data created during a session associated with the login key by using the login key to segregate the session data in the entity database, and linking the session data to the single entity record.

Identifying users is disclosed including, in response to receiving an account operating request of an account sent by a user device, obtaining a personal question from a personal questions database and sending the personal question to the user device, receiving, from the user device, a verification response to the personal question, and determining whether a current user is a user associated with the account based at least in part on the verification response and a corresponding standard response in the personal questions database, where the personal question obtained from the personal questions database and the corresponding standard response were generated based at least in part on account operating information of the user associated with the account.

A technique for protecting a cryptographic key. A user has an identifier and an associated password. The first cryptographic key is designed to decrypt a piece of encrypted data. The user device generates a second cryptographic key by applying a key derivation algorithm to at least the password, then encrypts the first cryptographic key by applying an encryption algorithm parameterized by the second cryptographic key. The user device then provides the encryption of the first cryptographic key to a management device for storage. A response associated with a question is obtained from the user. The user device calculates a result of an application of a function to at least one response associated with a question, then provides a value dependent on the result to a management device for storage. The value then enables the user device to determine the password when it has the response to the corresponding question.

A non-transitory computer-readable recording medium having computer-readable instructions stored thereon, which when executed, cause an information processing apparatus including a memory and processing circuitry, to execute a method including managing a first account and a second account for a service provided by the information processing apparatus, registering a second user corresponding to the second account as a user capable of recovering the first account, in response to receiving a request from a first information processing terminal corresponding to a first user corresponding to the first account, determining whether authentication is successful based on authentication information of the first user received from a second information processing terminal corresponding to the second user, and providing the first user access to the service based on the determination.

The present disclosure provides a new and innovative system, method, and non-transitory computer-readable medium for securely recovering access to an online service account. Secret splitting is utilized to require multiple recovery mechanisms in order to recover access to an online service account, thus decreasing the likelihood that a malicious attacker will compromise all of the recovery mechanisms to gain access to the online service account. The secret is split into a quantity of tokens via a secret sharing function that can reconstruct the secret with a predetermined threshold quantity of the tokens. The level of security provided by the system is flexible by adjusting the quantity of recovery mechanisms and the predetermined threshold quantity of tokens required to reconstruct the secret.

Systems, devices, and methods for automating network account transfers based on predicted inactivity are disclosed. In one embodiment, the system comprises a mail server providing access to an email account of a user; a social graph monitor configured to: periodically query, over a network, a social graph associated with the user to retrieve at least one social network feed associated with the user, calculate a sentiment score for the social network feed based on parsing the social network feed using a natural language parser, and determining that a transfer condition has occurred if the sentiment score exceeds a pre-defined sentiment score threshold; and a condition processor configured to: transmit, via the mail server, a password reset request to a network application associated with the transfer condition, intercept an email from the network application, via the mail server, transmitted in response to the password reset request, forward, via the mail server, the email to a recipient associated with the transfer condition, determine that the recipient has reset a password associated with the network application, and forward, to the recipient via the mail server, subsequent emails from the network application.

A method and a terminal for enhancing information security, where the method includes receiving, by a terminal, an open instruction of a sensitive application, starting a security policy of the sensitive application, displaying prompt information that a notification message arrives when the notification message related to the sensitive application is received, and displaying a prompt for entering a password when an instruction for opening the notification message is received. Hence, a preset security policy is automatically started when the sensitive application is used. When the notification message related to the sensitive application is received, a corresponding password needs to be entered. This enhances information security, facilitates use by a user, and improves user experience.