Described are methods and systems to identify unauthorized attempts to access an account in a computer system, the account having an authorized user. The methods and systems include determining that a count of failed attempts to access the account exceeds a maximum. Based on the count exceeding the maximum, one or more peer contacts associated with the authorized user are retrieved from stored user data. A failure attribution request is transmitted to the one or more peer contacts and a response is received from at least one of the one or more peer contacts. If the response denies that the authorized user caused the failed attempts, then a security action is taken with respect to the account. The method may include first confirming that the number of failure attributions requests sent has not exceeded an abuse threshold to prevent denial-of-service attacks.

Described are methods and systems to identify unauthorized attempts to access an account in a computer system, the account having an authorized user. The methods and systems include determining that a count of failed attempts to access the account exceeds a maximum. Based on the count exceeding the maximum, one or more peer contacts associated with the authorized user are retrieved from stored user data. A failure attribution request is transmitted to the one or more peer contacts and a response is received from at least one of the one or more peer contacts. If the response denies that the authorized user caused the failed attempts, then a security action is taken with respect to the account. The method may include first confirming that the number of failure attributions requests sent has not exceeded an abuse threshold to prevent denial-of-service attacks.

Embodiments of the present disclosure relate to verifying a third-party resource by automatically validating multi-factor message codes associated with the third-party resource to enable access to functionality associated with the third-party resource via a multi-app communication system. An example embodiment includes a multi-app communication system including at least one processor and at least one memory. The embodiment multi-app communication system is configured to receive a sign-in request from a multi-app communication system application executed on a client device, and cause transmission of a multi-factor confirmation message to a verified third-party multi-factor authentication resource. The embodiment multi-app communication system is further configured query the verified third-party multi-factor authentication resource to identify the multi-factor confirmation message, and enable access to the third-party resource.

A method whereby the date of birth (age) of a customer engaging in e-commerce over the Internet is verified. The present invention is launched from a merchant's website when an age sensitive transaction—alcohol or tobacco purchase, access to an adult web site, etc.,—is being undertaken. The system first checks to see if the customer is a known entity with a known date of birth. If the customer is not appropriately known to the system, then the system checks public records from information supplied to the system by the customer. If the date of birth is still unknown after such a check, the customer uploads an image of photo identification which is checked for date of birth either via software and also a selfie holding the identification. Optional SMS code verification can be undertaken. E-signatures can be optionally collected. Once the date of birth is known, the transaction is approved or denied based on the totality of the facts of the transaction.

Examples disclosed herein describe authenticating a first electronic device based on a push message to a second electronic device. In one implementation, a processor receives a user identifier from a first electronic device. The processor may select a message communication type based on the user identifier and transmit an authentication information request to a second electronic device using a push message communication of the selected message communication type. The processor may authenticate the user based on the received response to the request and transmit information related to the user authentication to the first electronic device.

Examples disclosed herein describe authenticating a first electronic device based on a push message to a second electronic device. In one implementation, a processor receives a user identifier from a first electronic device. The processor may select a message communication type based on the user identifier and transmit an authentication information request to a second electronic device using a push message communication of the selected message communication type. The processor may authenticate the user based on the received response to the request and transmit information related to the user authentication to the first electronic device.

A device may receive a request from a first user device to access a protected device. The device may verify a user identity of a user of the first device based on user credentials and determine that an authentication code is needed to authenticate the request to access the protected device. The device may dynamically generate multiple codes and transmit the multiple codes to a second user device associated with the user identity of the user of the first device. A first code, of the multiple codes, may correspond to a correct authentication code needed to authenticate the request to access the protected device. The device may transmit a message including an instruction for identifying the correct authentication code from among the multiple codes, receive a second code from the first device, compare the second code and the first code, and selectively authenticate the request to access the protected device.

Apparatuses, systems and methods are described herein for separately collecting and storing form contents. Different information may be collected from a user on a form. Based on determining that portions of the form request private information, an extended reality (XR) environment may be provided to the user. The user may provide private information via an input method in the XR environment. The user may provide non-private information using a different input method outside of the XR environment. The private information may be processed and stored in a different database as compared to the non-private information. The database storing private information may have a higher security standard than the database storing non-private information.

An administered authentication system can authenticate an artificial reality device using an authorization record between a user account and an artificial reality device. In some implementations, the authorization record is created in response to activation of a user account-specific key sent to a user-supplied contact, where an artificial reality device identifier was provided with the user-supplied contact. In other implementations, the authorization record is created in response to activation of a user account-specific key provided to the artificial reality device as a code, where activation of the key includes adding an artificial reality device identifier to a key activation message. In yet other implementations, the authorization record is created in response to an application associated with a user account activating an artificial reality device-specific key, with an artificial reality device identifier, that is provided via the artificial reality device.

Systems and methods are provided for registering with a given application. The systems and methods include operations for receiving, with a messaging application, a request to authenticate a phone number from the given application, the phone number being input by a user to register an account with the given application; determining that the phone number received in the request matches a user phone number stored in a user account associated with the messaging application; in response to determining that the phone number received in the request matches the user phone number stored in the user account, transmitting a communication from the messaging application to the given application indicating that the phone number has been authenticated; and causing the given application to register the account for the user to enable the user to log into the given application.