Provided is dynamic and flexible authentication based on an interaction over a communications link between a user device and a financial entity. A set of interactions enabled at the user device are categorized into different levels, each level comprises a different authentication policy. At about the same time as an interaction is initiated at the device, an authentication policy assigned to the interaction is accessed and a security challenge is activated at the device. Based upon a successful response to the security challenge, an enablement of the communications link is continued. Based upon an unsuccessful response to the security challenge, the communications link is disabled.

An authentication method executed by the processing device of a computer system is provided. The method includes the following operations. The method includes requesting identification information from a user device, in response to receiving an authentication assistance request from the user device. The method further includes receiving the identification information of a second user from the user device. Based on the identification information of the second user, the method further includes determining whether the second user meets an authentication assistance qualification corresponding to a first user. The method further includes requesting a first password from the user device when the second user meets the authentication assistance qualification. The method further includes receiving the first password from the user device and verifying whether the first password is correct using a multi-factor authentication server.

A system for one-click two-factor includes a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations including: (i) receiving an access request from a user, the access request including a first authentication factor; (ii) generating a second authentication factor and a hyperlink that includes the second authentication factor; (iii) providing the hyperlink that includes the second authentication factor to a client device associated with the user; (iv) automatically receiving the second authentication factor in response to selection of the hyperlink by the user; and (v) verifying the first authentication factor and the second authentication factor to authenticate the identity of the user. In one aspect, a remote server may generate and send an email that verifies an email address while also passing an application download link that includes a verification code, eliminating the need for a user to manually copy or enter the code.

Techniques are described for performing multi-factor authentication of a user during a service session, based at least partly on a code conveyed using an audio file. A code is generated that corresponds to the user and/or their user device. A playback device that is registered to the user can be used to output a playback of an audio file that encodes the code. The playback of the audio file is conveyed through the service session by the user device and received by a backend server, which analyzes the playback of the audio file to extract the code. The user can be authenticated based at least partly on verifying the code that is extracted from the playback of the audio file, by comparing the extracted code to the code that was generated and sent to the playback device.

The present invention is generally related to systems and methods for providing an improved authentication and verification system through the use of compiled user data and unique user action data collected by the system from a prompted movement analysis. The system may collect and analyze multiple instances of user actions using intelligent machine learning techniques in order to identify patterns unique to the user. The system may then use this information in conjunction with other known information in order to determine the veracity of attempted user authentication or authorization requests.

Multifactor authentication techniques described herein may allow a user to submit a recent proof of purchase as a part of a multifactor authentication process to access an account associated with a financial institution. As part of the login process, the user may submit a proof of purchase associated with a transaction. The financial institution may determine information associated with the transaction, such as a merchant associated with the proof of purchase, a time of the transaction, the last four numbers of the transaction card used, a dollar amount, or any combination thereof. If the information matches one or more records in the transaction history of the user's account, the financial institution may authenticate the user and provide access to the account. In this way, the financial institution may leverage transaction history known to the financial institution and the user to authenticate the user.

Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.

This disclosure describes techniques for performing enhanced authentication of a device based on physical and logical proximity of the device to one or more other authenticated devices. An example method includes performing, at a first time, a first authentication of a first device or a first user of the first device and determining that the first device is connected to at least one second device in a communication session. The at least one second device or at least one second user of the at least one second device are authenticated. The example method further includes determining a reauthentication interval based on the first device being connected to the at least one second device in the communication session and initiating, at a second time that is after the first time by the reauthentication interval, a second authentication of the first device or the first user of the first device.

Disclosed is a method and authentication server for authentication of users requesting access to a restricted data resource from a communication device. Communication between the communication device and the authentication server passes via an access server, and the RADIUS protocol is used for the communication between the authentication server and the access server. After validating password and username entered by a user, the authentication server sends a request to the communication device to enter an authentication device ID. When receiving an entered authentication device ID, the authentication server performs authentication of the user based on a second authentication procedure using the received authentication device ID and when the second authentication procedure is successful, the user is granted access to the restricted data resource. The user can therefore decide which of a plurality of different authentication devices to use.

A back-end server system responds to a request for web-based browser or dedicated application interaction associated with an entity with which the user holds at least one account; performs basic authentication to grant a basic level of remote user access over the Internet to the user device; performs elevated authentication and grants access (i) to an elevated level of remote user access to the at least one account and (ii) access to a pre-authenticated teleconference session.