A method and a network node for managing access, by a device, to a blockchain. The network node receives, a first request for creation of a first account. The first request includes information relating to a user of the device and a first hash value. The network node creates, based on the information and the first hash value, the first account on the blockchain, whereby a first address is obtained. The network node receives, a second request for recovering account information of the first account. The second request includes the first address of the first account, a source value from which the first hash value is derived and a second address of a second account. The network node generates a second hash value based on the source value. The network node initiates transfer of the account information of the first account to the second account.

Systems and methods are provided for performing operations including: receiving, via a messaging application of a user device, a request to recover access to an account of a user of the messaging application; accessing a first object corresponding to a first key; receiving, from a first friend of the user on the messaging application, a second object corresponding to a first portion of a second key; receiving, from a second friend of the user on the messaging application, a third object corresponding to a second portion of the second key; deriving the second key based on the second and third objects; and recovering access to the account of the user based on the first key and the second key.

A technique for protecting a cryptographic key. A user has an identifier and an associated password. The first cryptographic key is designed to decrypt a piece of encrypted data. The user device generates a second cryptographic key by applying a key derivation algorithm to at least the password, then encrypts the first cryptographic key by applying an encryption algorithm parameterized by the second cryptographic key. The user device then provides the encryption of the first cryptographic key to a management device for storage. A response associated with a question is obtained from the user. The user device calculates a result of an application of a function to at least one response associated with a question, then provides a value dependent on the result to a management device for storage. The value then enables the user device to determine the password when it has the response to the corresponding question.

Disclosed are various examples for managing firmware passwords, such as BIOS passwords. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Novel distractorless authorship verification technology optionally combines with novel algorithms to solve authorship attribution as to an open set of candidates—such as without limitation by analyzing the voting of “mixture of experts” and outputting the result to a user using the following: if z (z=p.sub.i−p.sub.j√ p.sub.i+p.sub.j−(p.sub.i−p.sub.j).sup.2/n) is larger than a first predetermined threshold then author j cannot be the correct author; or if z (z=p.sub.i−p.sub.j√ p.sub.i+p.sub.j−(p.sub.i−p.sub.j).sup.2/n) is smaller than a second predetermined threshold then author i cannot be the correct author; or if no author garners significantly more votes than all other contenders then none of the named authors is the author of a document in question—in a number of novel applications. Personality profiling and authorship attribution may also be used to verify user identity to a computer.

A server to provide single sign on services. The server includes a processor and a memory storing an attempt table. The server, in response to receiving a first password for a user account, forwards the first password to an authentication device. The server determines that the first password is not valid for the user account. The server stores the first password in association with the user account in the attempt table. In response to receiving a second password for the user account, the server determines whether the second password matches the first password. When the second password does not match the first password, the server forwards the second password to the authentication device.

Examples of cloud-based removable drive encryption policy enforcement and recovery key management are described. In some examples, a removable drive encryption policy is received from a cloud-based management service. A removable drive is recognized by an operating system of a client device. An encryption command causes the operating system to request user password creation and encrypt the removable drive. A recovery key is identified from a write-output of the operating system. The recovery key is transmitted to the cloud-based management service for storage in a cloud-based removable drive recovery key escrow.

A secure method for resetting the password for an account is disclosed. During the setup of the account, the user can provide the service provider with a media file, and when the user asks the service provider to reset the password for the account, the user will be prompted with several media files. The user can be asked to identify the media file that the user provided to the service provider at the time of the setup of the account. If the user properly identifies the media file, the password will be reset.

The disclosure herein describes using a password reset agent to automatically change the password of a computing device. A password reset agent is executed at a root level of the computing device, wherein the password reset agent is associated with a public key. A data source is polled by the password reset agent for a private key associated with the public key. Based on finding the private key on the data source, a reset password is determined and based on determining the reset password, the password reset agent changes a current password of the computing device to the determined reset password. The password reset agent runs in the background on the computing device, enabling the agent to change the password, even when the computing device is locked or otherwise inaccessible. The described password reset agent can also be used on virtual machines.

According to an aspect, a method for accessing a computing device includes receiving, by the computing device, an authentication credential for recovery access to the computing device, the authentication credential being different from an authentication credential used to access encrypted data on the computing device, obtaining, in response to receipt of the authentication credential for recovery access, a first key portion stored on the computing device, transmitting, over a network, a request to receive a second key portion, receiving, over the network, a response that includes the second key portion, recovering a decryption key using the first key portion and the second key portion, and decrypting the encrypted data on the computing device using the decryption key.