Disclosure of Invention
In view of this, embodiments of the present specification provide an account login method, an account login apparatus, a computing device, and a storage medium, so as to solve technical defects in the prior art.
According to a first aspect of embodiments of the present specification, there is provided an account login method, including:
receiving a first authentication request for a first account in a preset security period, wherein the first authentication request comprises the first account to be authenticated and a password;
authenticating the first authentication request;
if the authentication is successful, displaying an additional access password to the user initiating the first authentication request, and allowing the user initiating the first authentication request to log in a service system corresponding to the first account;
receiving a non-primary authentication request for the first account in the preset security period, and prompting a user initiating the non-primary authentication request to provide an authentication item, wherein the authentication item at least comprises an additional access password;
authenticating the non-primary authentication request according to the additional access password provided by the user initiating the non-primary authentication request;
and if the authentication is successful, allowing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.
Optionally, the additional access password comprises:
random numbers, random patterns, or random speech.
Optionally, after allowing the user initiating the primary authentication request to log in the service system corresponding to the first account, the method further includes:
setting, for the first account, a label indicating that the account has already been logged in for the first time within the preset security period.
Optionally, the authentication item further includes:
a numerical value obtained by adding the additional access password to the random number displayed on the current authentication page for the user initiating the non-primary authentication request.
Optionally, the method further includes:
and if the authentication of the first authentication request fails, not displaying the additional access password, and refusing the user initiating the first authentication request to log in the service system corresponding to the first account.
Optionally, the method further includes:
and if the authentication of the non-primary authentication request fails, refusing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.
Optionally, the method further includes:
after the authentication of the non-primary authentication request fails, receiving a complaint request of the user initiating the non-primary authentication request, wherein the complaint request comprises the first account and the password to be authenticated;
displaying a complaint page to a user who initiates the complaint request, and authenticating the complaint request;
if the authentication is successful, displaying information when the authentication is successful for the first time in the preset safety period to a user who initiates the complaint request;
receiving an operation request of a user who initiates the complaint request;
if the operation request is a reset token, modifying the additional access password, sending the modified additional access password to the user registering the first account in a short message or mailbox mode, and adding additional processing; receiving a modification request of the user registering the first account, wherein the modification request comprises the first account and a new password of the first account; allowing the user registering the first account to log in a business system corresponding to the first account, and storing the first account and a new password of the first account;
if the operation request is a retrieval token, sending the additional access password to the user registering the first account in a short message or mailbox mode; receiving an authentication request of the user registering the first account, wherein the authentication request comprises the first account to be authenticated and a password; and allowing the user who successfully authenticates and registers the first account to log in a service system corresponding to the first account.
Optionally, the information when the first authentication is successful in the preset security period includes:
the IP of the user initiating the first authentication request, the time when the first authentication is successful and the browser type used when the user initiating the first authentication request is successfully authenticated.
Optionally, the additional processing includes:
setting a high-risk label for the first account;
displaying a request for forcibly modifying a password to the user who registers the first account;
freezing the first account.
According to a second aspect of embodiments of the present specification, there is provided an account login apparatus including:
the system comprises a receiving module, a sending module and a processing module, wherein the receiving module is configured to receive a first authentication request for a first account in a preset security period, and the first authentication request comprises the first account to be authenticated and a password;
an authentication module configured to authenticate the first authentication request;
the processing module is configured to display an additional access password to a user initiating the first authentication request when the first authentication request is successfully authenticated, and allow the user initiating the first authentication request to log in a service system corresponding to a first account;
the receiving module is further configured to receive a non-primary authentication request for the first account within the security period;
the processing module is further configured to prompt a user initiating the non-primary authentication request to provide an authentication item after receiving the non-primary authentication request for the first account in the security period, wherein the authentication item at least comprises an additional access password;
the authentication module is further configured to authenticate the non-first-time authentication request according to the additional access password provided by the user initiating the non-first-time authentication request;
the processing module is further configured to allow the user initiating the non-primary authentication request to log in a service system corresponding to the first account when the non-primary authentication request is successful.
Optionally, the additional access password comprises:
random numbers, random patterns, or random speech.
Optionally, the processing module further includes:
a setting unit configured to set, for the first account, a label indicating that the account has already been logged in for the first time within the preset security period, after the user initiating the first authentication request is allowed to log in to the service system corresponding to the first account.
Optionally, the authentication item further includes:
a numerical value obtained by adding the additional access password to the random number displayed on the current authentication page for the user initiating the non-primary authentication request.
Optionally, the processing module further includes:
and the first processing unit is configured to not display the additional access password after the authentication of the first authentication request fails, and refuse the user initiating the first authentication request to log in the service system corresponding to the first account.
Optionally, the processing module further includes:
and the second processing unit is configured to refuse the user initiating the non-primary authentication request to log in a service system corresponding to the first account after the authentication of the non-primary authentication request fails.
Optionally, the processing module further includes:
a third processing unit, configured to receive, after the authentication of the non-primary authentication request fails, a complaint request of the user initiating the non-primary authentication request, where the complaint request includes the first account and a password to be authenticated;
displaying a complaint page to a user who initiates the complaint request, and authenticating the complaint request;
when the complaint request is successfully authenticated, displaying information of the first authentication success in the preset safety period to a user who initiates the complaint request;
receiving an operation request of a user who initiates the complaint request;
if the operation request is a reset token, modifying the additional access password, sending the modified additional access password to the user registering the first account in a short message or mailbox mode, and adding additional processing; receiving a modification request of the user registering the first account, wherein the modification request comprises the first account and a new password of the first account; allowing the user registering the first account to log in a business system corresponding to the first account, and storing the first account and a new password of the first account;
if the operation request is a retrieval token, sending the additional access password to the user registering the first account in a short message or mailbox mode; receiving an authentication request of the user registering the first account, wherein the authentication request comprises the first account to be authenticated and a password; and allowing the user who successfully authenticates and registers the first account to log in a service system corresponding to the first account.
Optionally, the information when the first authentication is successful in the preset security period includes:
the IP of the user initiating the first authentication request, the time when the first authentication is successful and the browser type used when the user initiating the first authentication request is successfully authenticated.
Optionally, the additional processing includes:
setting a high-risk label for the first account;
displaying a request for forcibly modifying a password to the user who registers the first account;
freezing the first account.
According to a third aspect of embodiments herein, there is provided a computing device comprising a memory, a processor and computer instructions stored on the memory and executable on the processor, the processor implementing the steps of the account login method as described above when executing the instructions.
According to a fourth aspect of embodiments herein, there is provided a computer readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the account login method as described above.
The account login method, account login apparatus, computing device and storage medium provided by the embodiments of this specification apply to the scenario of remediation after an account password has been leaked. When the account is logged in for the first time within a preset security period, an additional access password is provided to the logged-in user; when the account is logged in again within the preset security period, the user is prompted to also provide the additional access password, and is otherwise refused login to the service system under the account. If the user who logs in to the account for the first time within the preset security period is the real user, the method ensures that nobody other than the real user can log in to the service system of the account; if the user who logs in for the first time is not the real user, the real user can discover the leakage of the account password in time and carry out subsequent processing in time. In addition, compared with authentication by short message, displaying the additional access password after the first successful login, as provided by the method, can greatly reduce the cost of account authentication.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, as those skilled in the art will be able to make and use the present disclosure without departing from the spirit and scope of the present disclosure.
In this document, "first", "second", and the like are used only to distinguish one item from another, and do not indicate a degree or order of importance, or that one presupposes the existence of another.
Fig. 1 is a block diagram illustrating a configuration of a computing device 100 according to an embodiment of the present specification. The components of the computing device 100 include, but are not limited to, memory 110 and processor 120. The processor 120 is connected to the memory 110 via the bus 130, and the database 150 is used for storing account numbers and passwords and business system data corresponding to the account numbers.
Computing device 100 also includes access device 140, access device 140 enabling computing device 100 to communicate via one or more networks 160. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. Access device 140 may include one or more of any type of network interface (e.g., a Network Interface Card (NIC)) whether wired or wireless, such as an IEEE802.11 Wireless Local Area Network (WLAN) wireless interface, a worldwide interoperability for microwave access (Wi-MAX) interface, an ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a bluetooth interface, a Near Field Communication (NFC) interface, and so forth.
In one embodiment of the present description, the other components of the computing device 100 described above and not shown in FIG. 1 may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device architecture shown in FIG. 1 is for purposes of example only and is not limiting as to the scope of the description. Those skilled in the art may add or replace other components as desired.
Computing device 100 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), a mobile phone (e.g., smartphone), a wearable computing device (e.g., smartwatch, smartglasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 100 may also be a mobile or stationary server.
The real user 101 is a user who registers the first account;
the malicious user 102 is a user that knows the first account password.
Wherein the processor 120 may perform the steps of the method shown in fig. 2. FIG. 2 is a flow chart diagram illustrating an account login method according to an embodiment of the present specification, including steps 202-212.
Step 202: receiving a first authentication request for a first account in a preset security period, wherein the first authentication request comprises the first account to be authenticated and a password.
The preset security period is a fixed time period and can be set to 1 hour, 12 hours, or one day from zero. As an example of the first account and the password to be authenticated, the first account is abccc and the password is abccc.
Step 204: and authenticating the first authentication request.
And the server authenticates the first account and the password to determine whether the input first account and the password are correct.
Step 206: and if the authentication is successful, displaying an additional access password to the user initiating the first authentication request, and allowing the user initiating the first authentication request to log in a service system corresponding to the first account.
In an embodiment of the present specification, the additional access password includes:
random numbers, random patterns, or random speech.
For example, the additional access password for the current preset security period is the number 385.
When the first authentication request is successfully authenticated within the preset security period, the additional access password is displayed only to the user initiating the first authentication request. This ensures that only that user knows the additional access password, so a user who subsequently authenticates the account without knowing the additional access password cannot log in to the service system corresponding to the first account.
In an embodiment of this specification, after allowing the user initiating the primary authentication request to log in the service system corresponding to the first account, the method further includes:
setting, for the first account, a label indicating that the account has already been logged in for the first time within the preset security period.
When a non-primary authentication request is received within the preset security period, the server detects that the account in the request carries the label indicating that it has already been logged in for the first time within the preset security period. The account can therefore be determined to have been logged in already, and the additional access password is not displayed.
Step 208: and receiving a non-primary authentication request for the first account in the preset security period, and prompting a user initiating the non-primary authentication request to provide an authentication item, wherein the authentication item at least comprises an additional access password.
For example, the user initiating the non-first authentication request is prompted to enter an additional access password 385 on the authentication page.
When the user authenticates the first account again in the preset security period, the user who initiates the non-primary authentication request at least provides an additional access password, so that the user who initiates the non-primary authentication request can log in the service system corresponding to the first account only by knowing the additional access password.
In an embodiment of the present specification, the authentication item further includes:
a numerical value obtained by adding the additional access password to the random number displayed on the current authentication page for the user initiating the non-primary authentication request.
For example, in addition to prompting the user initiating the non-first authentication request to enter the additional access password 385 on the authentication page, the random number 64 is displayed for the user initiating the non-first authentication request, and the user initiating the non-first authentication request is prompted to enter the result 449 of 385 plus 64 on the authentication page.
When a non-primary authentication request is received, the user initiating it can be prompted to provide the numerical value obtained by adding the additional access password to a random number displayed on the current authentication page for that user, which also prevents automated login by machines.
Step 210: and authenticating the non-primary authentication request according to the additional access password provided by the user initiating the non-primary authentication request.
The server detects whether the authentication item entered by the user initiating the non-primary authentication request matches the account abccc, the password abccc, and the additional access password 385.
The server detects whether the additional access password provided by the user initiating the non-primary authentication request matches the additional access password that the server provided when the first authentication succeeded, so that this user can log in to the service system corresponding to the first account only by knowing the additional access password. If the user who initiated the first authentication request is the principal, other malicious users cannot log in to the service system corresponding to the first account. If the user who initiated the first authentication request is not the principal, the principal, not knowing the additional access password when authenticating the first account, can discover that the account password has been leaked, so that subsequent processing can be carried out.
Step 212: and if the authentication is successful, allowing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.
In an embodiment of this specification, the method further includes:
and if the authentication of the non-primary authentication request fails, refusing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.
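Steps 202 to 212, together with the optional first-login label and the sum-with-random-number authentication item, as an added example (not code from the patent). The class and field names, the PBKDF2 password check, the three-digit token range and a security period that starts at the first successful authentication are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

PERIOD_SECONDS = 12 * 3600  # the page offers 1 hour, 12 hours or one day


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    period_start: float = 0.0
    first_login_done: bool = False       # label set after the first login (step 206)
    access_token: Optional[int] = None   # additional access password for this period
    challenge: Optional[int] = None      # random number shown on the authentication page


class LoginService:
    def __init__(self, clock=time.time, rng=secrets.randbelow):
        self.accounts = {}
        self.clock = clock   # injectable so period expiry can be exercised
        self.rng = rng       # CSPRNG by default, never random.random()

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, name, password):
        salt = secrets.token_bytes(16)
        self.accounts[name] = Account(salt, self._hash(password, salt))

    def _password_ok(self, name, password):
        acct = self.accounts.get(name)
        if acct is None:
            return None
        good = hmac.compare_digest(acct.pw_hash, self._hash(password, acct.salt))
        return acct if good else None

    def login(self, name, password, answer=None):
        acct = self._password_ok(name, password)            # steps 202-204
        if acct is None:
            # Failed authentication: no additional access password is displayed.
            return {"ok": False, "reason": "bad credentials"}
        now = self.clock()
        if now - acct.period_start >= PERIOD_SECONDS:        # a new period begins
            acct.period_start = now
            acct.first_login_done = False
            acct.access_token = acct.challenge = None
        if not acct.first_login_done:                        # step 206
            acct.access_token = 100 + self.rng(900)          # three digits, like 385
            acct.first_login_done = True
            return {"ok": True, "show_token": acct.access_token}
        if answer is None or acct.challenge is None:         # step 208: prompt
            acct.challenge = self.rng(100)
            return {"ok": False, "reason": "token required",
                    "challenge": acct.challenge}
        expected = acct.access_token + acct.challenge        # step 210
        acct.challenge = None                                # one attempt per challenge
        try:
            supplied = str(int(answer)).encode()
        except (TypeError, ValueError):
            return {"ok": False, "reason": "wrong token"}
        if hmac.compare_digest(str(expected).encode(), supplied):
            return {"ok": True}                              # step 212
        return {"ok": False, "reason": "wrong token"}
```

With the page's numbers, a token of 385 and a displayed random number of 64 make 449 the only accepted answer; the bare token 385 is rejected.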
In an embodiment of this specification, the method further includes:
after the authentication of the non-primary authentication request fails, receiving a complaint request of the user initiating the non-primary authentication request, wherein the complaint request comprises the first account and the password to be authenticated;
displaying a complaint page to a user who initiates the complaint request, and authenticating the complaint request;
if the authentication is successful, displaying information when the authentication is successful for the first time in the preset safety period to a user who initiates the complaint request;
receiving an operation request of a user who initiates the complaint request;
if the operation request is a reset token, modifying the additional access password, sending the modified additional access password to the user registering the first account in a short message or mailbox mode, and adding additional processing;
receiving a modification request of the user registering the first account, wherein the modification request comprises the first account and a new password of the first account;
allowing the user registering the first account to log in a business system corresponding to the first account, and storing the first account and a new password of the first account;
if the operation request is a retrieval token, sending the additional access password to the user registering the first account in a short message or mailbox mode;
receiving an authentication request of the user registering the first account, wherein the authentication request comprises the first account to be authenticated and a password;
and allowing the user who successfully authenticates and registers the first account to log in a service system corresponding to the first account.
By this method, when the user initiating the first authentication request is the real user of the first account, and the real user later initiates a non-primary authentication request but has forgotten the additional access password, the additional access password issued at the first authentication can be retrieved by means of the retrieve-token operation on the complaint page, so that the authentication succeeds and the real user logs in to the service system of the first account; or
when the user initiating the first authentication request is not the real user of the first account and the real user initiates a non-primary authentication request, the real user can discover that the password has been leaked and obtain the additional access password modified by the server by means of the reset-token operation on the complaint page, so that the authentication succeeds, the real user logs in to the service system of the first account, and the password of the first account is modified.
In an embodiment of this specification, the information when the first authentication is successful in the preset security period includes:
the IP of the user initiating the first authentication request, the time when the first authentication is successful and the browser type used when the user initiating the first authentication request is successfully authenticated.
For example, when the first authentication is successful, the IP of the user initiating the first authentication request is stored as 10.24.113.1, the time when the first authentication is successful is stored as 02:34, and the browser type used when the user initiating the first authentication request is successfully authenticated is stored.
When a real user of a first account initiates a non-primary authentication request, the real user can remember an additional access password or confirm whether the primary authentication request is initiated by the user or not by providing the information of successful primary authentication in the preset security period for the real user.
In an embodiment of this specification, the subsequent processing includes:
setting a high-risk label for the first account;
displaying a request for forcibly modifying a password to the user who registers the first account;
freezing the first account.
For example, when the real user of the account abccc finds that the password has been leaked, the server marks the account abccc as high-risk, presents the real user with a request to modify the password, and freezes the account abccc after more than 5 authentication failures on the account abccc.
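The complaint flow and the additional processing described above, as an added example (not code from the patent). All names, the `outbox` list standing in for the short-message or mailbox channel, the contact address and the browser string are constructed; counting failed complaint authentications toward the freeze threshold is an assumption.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

FREEZE_AFTER_FAILURES = 5  # page example: freeze after more than 5 failures


def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class ComplaintAccount:
    salt: bytes
    hashed: bytes
    contact: str        # registered phone number or mailbox (constructed below)
    access_token: int   # additional access password of the current period
    first_login: dict   # IP, time and browser type of the first successful login
    failures: int = 0
    high_risk: bool = False
    must_change_password: bool = False
    frozen: bool = False


def record_failure(acct):
    acct.failures += 1
    if acct.failures > FREEZE_AFTER_FAILURES:
        acct.frozen = True


def open_complaint(acct, password):
    """Authenticate the complaint request; on success return the first-login
    record (IP, time, browser type) to display on the complaint page."""
    if acct.frozen:
        return None
    if not hmac.compare_digest(acct.hashed, pw_hash(password, acct.salt)):
        record_failure(acct)
        return None
    return dict(acct.first_login)


def handle_operation(acct, operation, outbox, rng=secrets.randbelow):
    """Reset or retrieve the token after a successful complaint.

    The complainant has proven only knowledge of the password, which may be
    leaked, so the token goes to the registered contact and is never returned
    to the session that filed the complaint."""
    if operation == "reset":
        acct.access_token = 100 + rng(900)   # modify the additional access password
        acct.high_risk = True                # additional processing
        acct.must_change_password = True
    elif operation != "retrieve":
        raise ValueError("operation must be 'reset' or 'retrieve'")
    outbox.append((acct.contact, acct.access_token))
    return "sent"


def change_password(acct, new_password):
    """Modification request: store the new password for the first account."""
    acct.salt = secrets.token_bytes(16)
    acct.hashed = pw_hash(new_password, acct.salt)
    acct.must_change_password = False


def sample_account():
    """Constructed account using the page's example values where it gives them."""
    salt = b"\x00" * 16
    return ComplaintAccount(
        salt, pw_hash("abccc", salt), "owner@example.test", 385,
        {"ip": "10.24.113.1", "time": "02:34", "browser": "ExampleBrowser"})
```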
If the user who logs in to the account for the first time within the preset security period is the real user, the method ensures that nobody other than the real user can log in to the service system of the account; if the user who logs in to the account for the first time is not the real user, the real user can discover the leakage of the account password in time and carry out subsequent processing in time. In addition, compared with authentication by short message, displaying the additional access password after the first successful login, as provided by the method, can greatly reduce the cost of account authentication.
Corresponding to the aforementioned account login method, an embodiment of the present specification further provides an account login apparatus, which may be implemented by software, by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the apparatus, as a logical device, is formed by the processor of the device on which it resides reading the corresponding computer program instructions from the non-volatile memory into the memory and running them. In terms of hardware, the device in which the account login apparatus of this specification is located may include other hardware besides the processor, the network interface, the memory, and the non-volatile memory, which is not described again.
Referring to FIG. 3, a block diagram of an account login apparatus 300 according to an embodiment of the present specification is provided. The account login apparatus includes:
a receiving module 310, configured to receive a first authentication request for a first account within a preset security period, where the first authentication request includes the first account to be authenticated and a password;
an authentication module 320 configured to authenticate the first authentication request;
the processing module 330 is configured to display an additional access password to the user initiating the first authentication request when the authentication of the first authentication request is successful, and allow the user initiating the first authentication request to log in a service system corresponding to a first account;
the receiving module 310 is further configured to receive a non-primary authentication request for the first account within the security period;
the processing module 330 is further configured to prompt a user initiating the non-primary authentication request to provide an authentication item after receiving the non-primary authentication request for the first account in the security period, where the authentication item includes at least an additional access password;
the authentication module 320 is further configured to authenticate the non-first-time authentication request according to the additional access password provided by the user initiating the non-first-time authentication request;
the processing module 330 is further configured to allow the user initiating the non-primary authentication request to log in a service system corresponding to the first account when the non-primary authentication request is successful.
In an alternative embodiment, the additional access password comprises:
random numbers, random patterns, or random speech.
In an optional embodiment, the processing module 330 further includes:
a setting unit configured to set, for the first account, a label indicating that the account has already been logged in for the first time within the preset security period, after the user initiating the first authentication request is allowed to log in to the service system corresponding to the first account.
In an optional embodiment, the authentication item further comprises:
a numerical value obtained by adding the additional access password to the random number displayed on the current authentication page for the user initiating the non-primary authentication request.
In an optional embodiment, the processing module 330 further includes:
and the first processing unit is configured to not display the additional access password after the authentication of the first authentication request fails, and refuse the user initiating the first authentication request to log in the service system corresponding to the first account.
In an optional embodiment, the processing module 330 further includes:
and the second processing unit is configured to refuse the user initiating the non-primary authentication request to log in a service system corresponding to the first account after the authentication of the non-primary authentication request fails.
In an optional embodiment, the processing module 330 further includes:
a third processing unit, configured to receive, after the authentication of the non-primary authentication request fails, a complaint request of the user initiating the non-primary authentication request, where the complaint request includes the first account and a password to be authenticated;
displaying a complaint page to a user who initiates the complaint request, and authenticating the complaint request;
when the complaint request is successfully authenticated, displaying information of the first authentication success in the preset safety period to a user who initiates the complaint request;
receiving an operation request of a user who initiates the complaint request;
if the operation request is a reset token, modifying the additional access password, sending the modified additional access password to the user registering the first account in a short message or mailbox mode, and adding additional processing; receiving a modification request of the user registering the first account, wherein the modification request comprises the first account and a new password of the first account; allowing the user registering the first account to log in a business system corresponding to the first account, and storing the first account and a new password of the first account;
if the operation request is a retrieval token, sending the additional access password to the user registering the first account in a short message or mailbox mode; receiving an authentication request of the user registering the first account, wherein the authentication request comprises the first account to be authenticated and a password; and allowing the user who successfully authenticates and registers the first account to log in a service system corresponding to the first account.
In an optional embodiment, the information about the successful first authentication within the preset security period includes:
the IP of the user who initiated the first authentication request, the time at which the first authentication succeeded, and the browser type used when that user was successfully authenticated.
In an alternative embodiment, the additional processing comprises:
setting a high-risk label for the first account;
displaying a request for forcibly modifying a password to the user who registers the first account;
freezing the first account.
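The complaint flow handled by the third processing unit can be sketched as follows. This is an added example, not code from the specification; the names `Account`, `handle_complaint`, `complete_password_change`, `make_account` and the `send_to_owner` callback are hypothetical, and lifting the freeze once the new password is stored is an assumption.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    name: str
    salt: bytes
    hashed: bytes
    access_password: str   # additional access password shown at the first login
    first_login: dict      # IP, time and browser type of the first successful login
    labels: set = field(default_factory=set)
    frozen: bool = False

def make_account(name, password, token, first_login):
    salt = secrets.token_bytes(16)
    return Account(name, salt, pw_hash(password, salt), token, first_login)

def handle_complaint(acct, password, operation, send_to_owner):
    """Authenticate a complaint request and perform the requested operation.

    send_to_owner(account_name, token) stands for short-message or email
    delivery to the contact registered for the account (hypothetical callback).
    """
    if not hmac.compare_digest(pw_hash(password, acct.salt), acct.hashed):
        return {"ok": False}
    if operation not in ("reset", "retrieve"):
        return {"ok": False}
    if operation == "reset":
        # Rotate the token, then apply the additional processing.
        acct.access_password = f"{secrets.randbelow(10**6):06d}"
        acct.labels.update({"high-risk", "force-password-change"})
        acct.frozen = True
    # The token goes only to the registered contact, never into the response:
    # the complaint is authenticated with a password that may have leaked.
    send_to_owner(acct.name, acct.access_password)
    return {"ok": True, "first_login": dict(acct.first_login)}

def complete_password_change(acct, new_password):
    """Store the new password after a reset; assumed here to lift the freeze."""
    acct.salt = secrets.token_bytes(16)
    acct.hashed = pw_hash(new_password, acct.salt)
    acct.labels.discard("force-password-change")
    acct.frozen = False
    return True
```

The response to the complaint carries only the first-login details, so whoever files it learns when, from where and with which browser the first login happened without learning the token itself.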
The account login apparatus disclosed in this embodiment can ensure that, when the user who first logs in to the account within the preset security period is the account owner, no one other than the owner can log in to the service system of the account; and that, when the user who first logs in is not the owner, the owner can promptly discover that the password of the account has been leaked and can carry out subsequent processing in time. In addition, compared with authentication by short message, displaying the additional access password to the user after the first successful login, as this apparatus does, can greatly reduce the cost of account authentication.
The devices, modules or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or by a product having a certain function. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The implementation of the functions and actions of each unit in the above apparatus is described in detail in the implementation of the corresponding steps of the above method, and is not repeated here.
Since the apparatus embodiments substantially correspond to the method embodiments, reference may be made to the relevant parts of the description of the method embodiments. The above-described apparatus embodiments are merely illustrative: the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; they may be located in one place or distributed across a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
An embodiment of the present specification further provides a computing device, including a memory, a processor, and computer instructions stored on the memory and executable on the processor, where the processor executes the instructions to implement the steps of the account login method.
An embodiment of the present specification further provides a computer readable storage medium, which stores computer instructions, and when the instructions are executed by a processor, the computer instructions implement the steps of the account login method.
The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium belongs to the same concept as the technical solution of the above-mentioned automatic testing method, and details that are not described in detail in the technical solution of the storage medium can be referred to the description of the technical solution of the above-mentioned automatic testing method.
The computer instructions comprise computer program code, which may be in the form of source code, object code, an executable file, some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, in accordance with legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts or combinations, but those skilled in the art should understand that the present disclosure is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present disclosure. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that acts and modules referred to are not necessarily required for this description.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the specification and its practical application, to thereby enable others skilled in the art to best understand the specification and its practical application. The specification is limited only by the claims and their full scope and equivalents.