IDG Contributor Network: PayPal's better way to count authentication failures
Website payment systems today are pretty good at detecting bad attempts at authenticating. Things get tricky in two areas. The first is keeping track of how many bad attempts happen across different devices, browsers and IP addresses. That's critical if you want to enforce a "six authentication errors and we lock you out for two days" kind of policy. The second is trying to differentiate between someone trying to guess a password — or to use what they thought they saw while shoulder surfing — and someone who simply makes typos when quickly trying to enter the password. Is it an honest mistake or a criminal attempt?
In a patent that was awarded to PayPal on Tuesday (Aug. 2), the payments maestro has convinced federal patent people that it has come up with a way to more accurately navigate both of those authentication minefields.
