CN109450917B - Account login method and device, computing equipment and storage medium - Google Patents

Account login method and device, computing equipment and storage medium Download PDF

Info

Publication number
CN109450917B
CN109450917B CN201811435218.4A CN201811435218A CN109450917B CN 109450917 B CN109450917 B CN 109450917B CN 201811435218 A CN201811435218 A CN 201811435218A CN 109450917 B CN109450917 B CN 109450917B
Authority
CN
China
Prior art keywords
account
authentication
request
authentication request
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811435218.4A
Other languages
Chinese (zh)
Other versions
CN109450917A (en
Inventor
蔡淼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Xishanju Shiyou Technology Co ltd
Zhuhai Kingsoft Digital Network Technology Co Ltd
Original Assignee
Chengdu Xishanju Shiyou Technology Co ltd
Zhuhai Kingsoft Online Game Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Xishanju Shiyou Technology Co ltd, Zhuhai Kingsoft Online Game Technology Co Ltd filed Critical Chengdu Xishanju Shiyou Technology Co ltd
Priority to CN201811435218.4A priority Critical patent/CN109450917B/en
Publication of CN109450917A publication Critical patent/CN109450917A/en
Application granted granted Critical
Publication of CN109450917B publication Critical patent/CN109450917B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The specification provides an account login method, an account login device, a computing device and a storage medium, wherein the method comprises the following steps: receiving a first authentication request for a first account in a preset security period, wherein the first authentication request comprises the first account to be authenticated and a password; authenticating the first authentication request; if the authentication is successful, displaying an additional access password to the user initiating the first authentication request, and allowing the user initiating the first authentication request to log in a service system corresponding to the first account; receiving a non-primary authentication request for a first account in a preset security period, and prompting a user initiating the non-primary authentication request to provide an authentication item, wherein the authentication item at least comprises an additional access password; authenticating the non-primary authentication request according to an additional access password provided by a user initiating the non-primary authentication request; and if the authentication is successful, allowing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.

Description

Account login method and device, computing equipment and storage medium
Technical Field
The present disclosure relates to the field of information technologies, and in particular, to an account login method, an account login apparatus, a computing device, and a storage medium.
Background
In computer system design, security policies are designed largely for password protection. Almost all account security policies focus on enhancing the complexity of passwords, enhancing the complexity of account authentication procedures, and limiting user authentication environments. The strategy can ensure that the password of the system account is not easy to be stolen or not easy to be exhausted by an automatic heuristic script. However, in the conventional technology, when the password of the user is guessed by others, or the real user of the account informs others of the password and then does not modify the password in time, the others who know the password of the account cannot be restricted from logging in the account, or after others log in the account, the real user cannot find that the account is authenticated by others in time.
Disclosure of Invention
In view of this, embodiments of the present specification provide an account login method, an account login apparatus, a computing device, and a storage medium, so as to solve technical defects in the prior art.
According to a first aspect of embodiments of the present specification, there is provided an account login method, including:
receiving a first authentication request for a first account in a preset security period, wherein the first authentication request comprises the first account to be authenticated and a password;
authenticating the first authentication request;
if the authentication is successful, displaying an additional access password to the user initiating the first authentication request, and allowing the user initiating the first authentication request to log in a service system corresponding to the first account;
receiving a non-primary authentication request for the first account in the preset security period, and prompting a user initiating the non-primary authentication request to provide an authentication item, wherein the authentication item at least comprises an additional access password;
authenticating the non-primary authentication request according to the additional access password provided by the user initiating the non-primary authentication request;
and if the authentication is successful, allowing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.
Optionally, the additional access password comprises:
random numbers, random patterns, or random speech.
Optionally, after allowing the user initiating the primary authentication request to log in the service system corresponding to the first account, the method further includes:
and setting a label which is logged in for the first time within a preset safety period for the first account.
Optionally, the authentication item further includes:
and adding the additional access password and the random number displayed by the current authentication page for the user initiating the non-primary authentication request to obtain a numerical value.
Optionally, the method further includes:
and if the authentication of the first authentication request fails, not displaying the additional access password, and refusing the user initiating the first authentication request to log in the service system corresponding to the first account.
Optionally, the method further includes:
and if the authentication of the non-primary authentication request fails, refusing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.
Optionally, the method further includes:
after the authentication of the non-primary authentication request fails, receiving a complaint request of the user initiating the non-primary authentication request, wherein the complaint request comprises the first account and the password to be authenticated;
displaying a complaint page to a user who initiates the complaint request, and authenticating the complaint request;
if the authentication is successful, displaying information when the authentication is successful for the first time in the preset safety period to a user who initiates the complaint request;
receiving an operation request of a user who initiates the complaint request;
if the operation request is a reset token, modifying the additional access password, sending the modified additional access password to the user registering the first account in a short message or mailbox mode, and adding additional processing; receiving a modification request of the user registering the first account, wherein the modification request comprises the first account and a new password of the first account; allowing the user registering the first account to log in a business system corresponding to the first account, and storing the first account and a new password of the first account;
if the operation request is a retrieval token, sending the additional access password to the user registering the first account in a short message or mailbox mode; receiving an authentication request of the user registering the first account, wherein the authentication request comprises the first account to be authenticated and a password; and allowing the user who successfully authenticates and registers the first account to log in a service system corresponding to the first account.
Optionally, the information when the first authentication is successful in the preset security period includes:
the IP of the user initiating the first authentication request, the time when the first authentication is successful and the browser type used when the user initiating the first authentication request is successfully authenticated.
Optionally, the additional processing includes:
setting a high-risk label for the first account;
displaying a request for forcibly modifying a password to the user who registers the first account;
freezing the first account number.
According to a second aspect of embodiments of the present specification, there is provided an account login apparatus including:
the system comprises a receiving module, a sending module and a processing module, wherein the receiving module is configured to receive a first authentication request for a first account in a preset security period, and the first authentication request comprises the first account to be authenticated and a password;
an authentication module configured to authenticate the first authentication request;
the processing module is configured to display an additional access password to a user initiating the first authentication request when the first authentication request is successfully authenticated, and allow the user initiating the first authentication request to log in a service system corresponding to a first account;
the receiving module is further configured to receive a non-primary authentication request for the first account within the security period;
the processing module is further configured to prompt a user initiating the non-primary authentication request to provide an authentication item after receiving the non-primary authentication request for the first account in the security cycle, wherein the authentication item at least comprises an additional access password;
the authentication module is further configured to authenticate the non-first-time authentication request according to the additional access password provided by the user initiating the non-first-time authentication request;
the processing module is further configured to allow the user initiating the non-primary authentication request to log in a service system corresponding to the first account when the non-primary authentication request is successful.
Optionally, the additional access password comprises:
random numbers, random patterns, or random speech.
Optionally, the processing module further includes:
and the setting unit is configured to set a label which is logged in for the first time within a preset security period for the first account after allowing the user initiating the first authentication request to log in a service system corresponding to the first account.
Optionally, the authentication item further includes:
and adding the additional access password and the random number displayed by the current authentication page for the user initiating the non-primary authentication request to obtain a numerical value.
Optionally, the processing module further includes:
and the first processing unit is configured to not display the additional access password after the authentication of the first authentication request fails, and refuse the user initiating the first authentication request to log in the service system corresponding to the first account.
Optionally, the processing module further includes:
and the second processing unit is configured to refuse the user initiating the non-primary authentication request to log in a service system corresponding to the first account after the authentication of the non-primary authentication request fails.
Optionally, the processing module further includes:
a third processing unit, configured to receive, after the authentication of the non-primary authentication request fails, a complaint request of the user initiating the non-primary authentication request, where the complaint request includes the first account and a password to be authenticated;
displaying a complaint page to a user who initiates the complaint request, and authenticating the complaint request;
when the complaint request is successfully authenticated, displaying information of the first authentication success in the preset safety period to a user who initiates the complaint request;
receiving an operation request of a user who initiates the complaint request;
if the operation request is a reset token, modifying the additional access password, sending the modified additional access password to the user registering the first account in a short message or mailbox mode, and adding additional processing; receiving a modification request of the user registering the first account, wherein the modification request comprises the first account and a new password of the first account; allowing the user registering the first account to log in a business system corresponding to the first account, and storing the first account and a new password of the first account;
if the operation request is a retrieval token, sending the additional access password to the user registering the first account in a short message or mailbox mode; receiving an authentication request of the user registering the first account, wherein the authentication request comprises the first account to be authenticated and a password; and allowing the user who successfully authenticates and registers the first account to log in a service system corresponding to the first account.
Optionally, the information when the first authentication is successful in the preset security period includes:
the IP of the user initiating the first authentication request, the time when the first authentication is successful and the browser type used when the user initiating the first authentication request is successfully authenticated. .
Optionally, the additional processing includes:
setting a high-risk label for the first account;
displaying a request for forcibly modifying a password to the user who registers the first account;
freezing the first account number.
According to a third aspect of embodiments herein, there is provided a computing device comprising a memory, a processor and computer instructions stored on the memory and executable on the processor, the processor implementing the steps of the account login method as described above when executing the instructions.
According to a fourth aspect of embodiments herein, there is provided a computer readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the account login method as described above.
The account login method, the account login device, the computing device and the storage medium provided by the embodiment of the description are applied to a scene of remedy when an account password is leaked, an additional access password is provided for a logged-in user when the account logs in for the first time in a preset security period, the user is prompted to simultaneously provide the additional access password when the account logs in again in the preset security period, and otherwise, the user is refused to log in a service system under the account. The method can ensure that a non-self can not log in the business system of the account under the condition that the user for logging in the account for the first time is the self within the preset safety period, or the self can find the leakage of the password of the account in time and can carry out subsequent processing in time under the condition that the user for logging in the account for the first time is the non-self. In addition, compared with the mode of authenticating short messages, the mode of displaying the additional access password after the first login is successful provided by the method can greatly reduce the cost of account authentication.
Drawings
FIG. 1 is a block diagram illustrating a computing device according to an embodiment of the present description.
Fig. 2 is a flowchart illustrating an account login method according to an embodiment of the present specification.
Fig. 3 is a block diagram showing an account login apparatus according to an embodiment of the present specification.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, as those skilled in the art will be able to make and use the present disclosure without departing from the spirit and scope of the present disclosure.
In this document, "first", "second", and the like are used only for distinguishing one from another, and do not indicate the degree and order of importance, the premise that each other exists, and the like.
Fig. 1 is a block diagram illustrating a configuration of a computing device 100 according to an embodiment of the present specification. The components of the computing device 100 include, but are not limited to, memory 110 and processor 120. The processor 120 is connected to the memory 110 via the bus 130, and the database 150 is used for storing account numbers and passwords and business system data corresponding to the account numbers.
Computing device 100 also includes access device 140, access device 140 enabling computing device 100 to communicate via one or more networks 160. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. Access device 140 may include one or more of any type of network interface (e.g., a Network Interface Card (NIC)) whether wired or wireless, such as an IEEE802.11 Wireless Local Area Network (WLAN) wireless interface, a worldwide interoperability for microwave access (Wi-MAX) interface, an ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a bluetooth interface, a Near Field Communication (NFC) interface, and so forth.
In one embodiment of the present description, the other components of the computing device 100 described above and not shown in FIG. 1 may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device architecture shown in FIG. 1 is for purposes of example only and is not limiting as to the scope of the description. Those skilled in the art may add or replace other components as desired.
Computing device 100 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), a mobile phone (e.g., smartphone), a wearable computing device (e.g., smartwatch, smartglasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 100 may also be a mobile or stationary server.
The real user 101 is a user who registers the first account;
the malicious user 102 is a user that knows the first account password.
Wherein the processor 120 may perform the steps of the method shown in fig. 2. FIG. 2 is a flow chart diagram illustrating an account login method according to an embodiment of the present specification, including steps 202-212.
Step 202: receiving a first authentication request for a first account in a preset security period, wherein the first authentication request comprises the first account to be authenticated and a password.
The preset safety period is a certain time period and can be set to be 1 hour, 12 hours or one day from zero; the first account and the password to be authenticated, for example, the first account is abccc, and the password is abccc.
Step 204: and authenticating the first authentication request.
And the server authenticates the first account and the password to determine whether the input first account and the password are correct.
Step 206: and if the authentication is successful, displaying an additional access password to the user initiating the first authentication request, and allowing the user initiating the first authentication request to log in a service system corresponding to the first account.
In an embodiment of the present specification, the additional access password includes:
random numbers, random patterns, or random speech.
For example, the current pre-set security period is appended with the access password as number 385.
And when the authentication of the first authentication request is successful within a preset security period, only displaying the additional access password to the user initiating the first authentication request, thereby ensuring that only the user initiating the first authentication request knows the additional access password, and then continuously authenticating the account but not knowing the additional access password to ensure that the user cannot log in a service system corresponding to the first account.
In an embodiment of this specification, after allowing the user initiating the primary authentication request to log in the service system corresponding to the first account, the method further includes:
and setting a label which is logged in for the first time within a preset safety period for the first account.
When a non-primary authentication request is received in a preset security period, the account number in the non-primary authentication request is detected to have a label which is logged in for the first time in the preset security period, so that the account number can be determined to be logged in, and the additional access password is not displayed.
Step 208: and receiving a non-primary authentication request for the first account in the preset security period, and prompting a user initiating the non-primary authentication request to provide an authentication item, wherein the authentication item at least comprises an additional access password.
For example, the user initiating the non-first authentication request is prompted to enter an additional access password 385 on the authentication page.
When the user authenticates the first account again in the preset security period, the user who initiates the non-primary authentication request at least provides an additional access password, so that the user who initiates the non-primary authentication request can log in the service system corresponding to the first account only by knowing the additional access password.
In an embodiment of the present specification, the authentication item further includes:
and adding the additional access password and the random number displayed by the current authentication page for the user initiating the non-primary authentication request to obtain a numerical value.
For example, in addition to prompting the user initiating the non-first authentication request to enter the additional access password 385 on the authentication page, the random number 64 is displayed for the user initiating the non-first authentication request, and the user initiating the non-first authentication request is prompted to enter the result 449 of 385 plus 64 on the authentication page.
When a non-primary authentication request is received, the user initiating the non-primary authentication request can be prompted to provide a numerical value obtained by adding the additional access password and a random number displayed by the current authentication page for the user initiating the non-primary authentication request, so that the phenomenon of machine automatic login is also prevented.
Step 210: and authenticating the non-primary authentication request according to the additional access password provided by the user initiating the non-primary authentication request.
Detecting whether an authentication item input by a user initiating the non-first-time authentication request matches an account abccc, a password abccc, and an additional access password 385.
Whether an additional authentication password provided by a user initiating a non-primary authentication request is matched with an additional access password provided by a server when primary authentication is successful or not is detected, so that the user initiating the non-primary authentication request can log in a service system corresponding to a first account only by knowing the additional access password. In the method, under the condition that the user initiating the first authentication request is the user, other malicious users cannot log in the service system corresponding to the first account; under the condition that the user who initiates the first authentication request is not the principal, the principal can find out that the account password of the principal is leaked without knowing the additional access password when authenticating the first account, so that the subsequent processing can be carried out.
Step 212: and if the authentication is successful, allowing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.
In an embodiment of this specification, the method further includes:
and if the authentication of the non-primary authentication request fails, refusing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.
In an embodiment of this specification, the method further includes:
after the authentication of the non-primary authentication request fails, receiving a complaint request of the user initiating the non-primary authentication request, wherein the complaint request comprises the first account and the password to be authenticated;
displaying a complaint page to a user who initiates the complaint request, and authenticating the complaint request;
if the authentication is successful, displaying information when the authentication is successful for the first time in the preset safety period to a user who initiates the complaint request;
receiving an operation request of a user who initiates the complaint request;
if the operation request is a reset token, modifying the additional access password, sending the modified additional access password to the user registering the first account in a short message or mailbox mode, and adding additional processing;
receiving a modification request of the user registering the first account, wherein the modification request comprises the first account and a new password of the first account;
allowing the user registering the first account to log in a business system corresponding to the first account, and storing the first account and a new password of the first account;
if the operation request is a retrieval token, sending the additional access password to the user registering the first account in a short message or mailbox mode;
receiving an authentication request of the user registering the first account, wherein the authentication request comprises the first account to be authenticated and a password;
and allowing the user who successfully authenticates and registers the first account to log in a service system corresponding to the first account.
By the method, when the user initiating the first authentication request is the real user of the first account and the real user initiates a non-first authentication request but forgets the additional access password, the additional access password during the first authentication can be retrieved in a manner of retrieving the token in the complaint page, so that the authentication is successful and the service system of the first account is logged in; or
When the user initiating the first authentication request is not the real user of the first account and the real user initiates a non-first authentication request, the password can be found to be leaked, and the additional access password modified by the server is obtained by means of complaint of the page modification token, so that the authentication is successful, the service system of the first account is logged in, and the password of the first account is modified.
In an embodiment of this specification, the information when the first authentication is successful in the preset security period includes:
the IP of the user initiating the first authentication request, the time when the first authentication is successful and the browser type used when the user initiating the first authentication request is successfully authenticated.
For example, when the first authentication is successful, the IP of the user initiating the first authentication request is stored as 10.24.113.1, the time when the first authentication is successful is stored as 02:34, and the browser type used when the user initiating the first authentication request is successfully authenticated is stored.
When a real user of a first account initiates a non-primary authentication request, the real user can remember an additional access password or confirm whether the primary authentication request is initiated by the user or not by providing the information of successful primary authentication in the preset security period for the real user.
In an embodiment of this specification, the subsequent processing includes:
setting a high-risk label for the first account;
displaying a request for forcibly modifying a password to the user who registers the first account;
freezing the first account number.
For example, when a real user of the account abccc finds that the password is leaked, the server marks the account abccc as high-risk, provides a request for modifying the password for the real user, and freezes the account abccc after more than 5 times of authentication failures are performed on the account abccc.
The method can ensure that a user who logs in the account for the first time in a preset safety period can not log in the business system of the account if the user is the user, or the user can find the leakage of the password of the account in time and can perform subsequent processing in time if the user who logs in the account for the first time is the user. In addition, compared with the mode of authenticating short messages, the mode of displaying the additional access password after the first login is successful provided by the method can greatly reduce the cost of account authentication.
Corresponding to the aforementioned account login method, an embodiment of the present specification further provides an account login device, which may be implemented by software, or implemented by hardware, or implemented by a combination of hardware and software. The software implementation is taken as an example, and is formed by reading corresponding computer program instructions in the nonvolatile memory into the memory for operation through the processor of the device where the software implementation is located as a logical means. In terms of hardware, the device in which the account login apparatus of this specification is located may include other hardware besides the processor, the network interface, the memory, and the nonvolatile memory, which is not described again.
Referring to fig. 3, a block diagram of an account login apparatus 300 according to an embodiment of the present disclosure is provided. The account registration apparatus includes:
a receiving module 310, configured to receive a first authentication request for a first account within a preset security period, where the first authentication request includes the first account to be authenticated and a password;
an authentication module 320 configured to authenticate the first authentication request;
the processing module 330 is configured to display an additional access password to the user initiating the first authentication request when the authentication of the first authentication request is successful, and allow the user initiating the first authentication request to log in a service system corresponding to a first account;
the receiving module 310 is further configured to receive a non-primary authentication request for the first account within the security period;
the processing module 330 is further configured to prompt a user initiating the non-primary authentication request to provide an authentication item after receiving the non-primary authentication request for the first account in the security cycle, where the authentication item includes at least an additional access password;
the authentication module 320 is further configured to authenticate the non-first-time authentication request according to the additional access password provided by the user initiating the non-first-time authentication request;
the processing module 330 is further configured to allow the user initiating the non-primary authentication request to log in a service system corresponding to the first account when the non-primary authentication request is successful.
In an alternative embodiment, the additional access password comprises:
random numbers, random patterns, or random speech.
In an optional embodiment, the processing module 330 further includes:
and the setting unit is configured to set a label which is logged in for the first time within a preset security period for the first account after allowing the user initiating the first authentication request to log in a service system corresponding to the first account.
In an optional embodiment, the authentication item further comprises:
and adding the additional access password and the random number displayed by the current authentication page for the user initiating the non-primary authentication request to obtain a numerical value.
In an optional embodiment, the processing module 330 further includes:
and the first processing unit is configured to not display the additional access password after the authentication of the first authentication request fails, and refuse the user initiating the first authentication request to log in the service system corresponding to the first account.
In an optional embodiment, the processing module 330 further includes:
and the second processing unit is configured to refuse the user initiating the non-primary authentication request to log in a service system corresponding to the first account after the authentication of the non-primary authentication request fails.
In an optional embodiment, the processing module 330 further includes:
a third processing unit, configured to receive, after the authentication of the non-primary authentication request fails, a complaint request of the user initiating the non-primary authentication request, where the complaint request includes the first account and a password to be authenticated;
displaying a complaint page to a user who initiates the complaint request, and authenticating the complaint request;
when the complaint request is successfully authenticated, displaying information of the first authentication success in the preset safety period to a user who initiates the complaint request;
receiving an operation request of a user who initiates the complaint request;
if the operation request is a reset token, modifying the additional access password, sending the modified additional access password to the user registering the first account in a short message or mailbox mode, and adding additional processing; receiving a modification request of the user registering the first account, wherein the modification request comprises the first account and a new password of the first account; allowing the user registering the first account to log in a business system corresponding to the first account, and storing the first account and a new password of the first account;
if the operation request is a retrieval token, sending the additional access password to the user registering the first account in a short message or mailbox mode; receiving an authentication request of the user registering the first account, wherein the authentication request comprises the first account to be authenticated and a password; and allowing the user who successfully authenticates and registers the first account to log in a service system corresponding to the first account.
In an optional embodiment, the information when the first authentication is successful in the preset security period includes:
the IP of the user initiating the first authentication request, the time when the first authentication is successful and the browser type used when the user initiating the first authentication request is successfully authenticated.
In an alternative embodiment, the additional processing comprises:
setting a high-risk label for the first account;
displaying a request for forcibly modifying a password to the user who registers the first account;
freezing the first account number.
The account login device disclosed by the embodiment can ensure that a non-self can not log in a business system of the account under the condition that a user for logging in the account for the first time in a preset safety period is the self, or the self can timely find that the password of the account is leaked under the condition that the user for logging in the account for the first time is the non-self, and can timely perform subsequent processing. In addition, compared with the mode of authenticating short messages, the mode of displaying the additional access password applied by the device to the user after the first login is successful can greatly reduce the cost of account authentication.
The devices, modules or units illustrated in the above embodiments may be specifically implemented by computer chips or entities,
or by a product having a certain function. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
An embodiment of the present specification further provides a computing device, including a memory, a processor, and computer instructions stored on the memory and executable on the processor, where the processor executes the instructions to implement the steps of the account login method.
An embodiment of the present specification further provides a computer readable storage medium, which stores computer instructions, and when the instructions are executed by a processor, the computer instructions implement the steps of the account login method.
The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium belongs to the same concept as the technical solution of the above-mentioned automatic testing method, and details that are not described in detail in the technical solution of the storage medium can be referred to the description of the technical solution of the above-mentioned automatic testing method.
The computer instructions comprise computer program code which may be in the form of source code, object code, an executable file or some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts or combinations, but those skilled in the art should understand that the present disclosure is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present disclosure. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that acts and modules referred to are not necessarily required for this description.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the specification and its practical application, to thereby enable others skilled in the art to best understand the specification and its practical application. The specification is limited only by the claims and their full scope and equivalents.

Claims (20)

1. An account login method is characterized by comprising the following steps:
receiving a first authentication request for a first account in a preset security period, wherein the first authentication request comprises the first account to be authenticated and a password;
authenticating the first authentication request;
if the authentication is successful, displaying an additional access password to the user initiating the first authentication request, and allowing the user initiating the first authentication request to log in a service system corresponding to the first account;
receiving a non-primary authentication request for the first account in the preset security period, and prompting a user initiating the non-primary authentication request to provide an authentication item, wherein the authentication item at least comprises an additional access password;
authenticating the non-primary authentication request according to the additional access password provided by the user initiating the non-primary authentication request;
and if the authentication is successful, allowing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.
2. The method of claim 1, wherein the additional access password comprises:
random numbers, random patterns, or random speech.
3. The method according to claim 1, wherein after allowing the user initiating the first authentication request to log in a service system corresponding to the first account, the method further comprises:
and setting a label which is logged in for the first time within a preset safety period for the first account.
4. The method of claim 1, wherein the authentication term further comprises:
and adding the additional access password and the random number displayed by the current authentication page for the user initiating the non-primary authentication request to obtain a numerical value.
5. The method of claim 1, further comprising:
and if the authentication of the first authentication request fails, not displaying the additional access password, and refusing the user initiating the first authentication request to log in the service system corresponding to the first account.
6. The method of claim 1, further comprising:
and if the authentication of the non-primary authentication request fails, refusing the user initiating the non-primary authentication request to log in a service system corresponding to the first account.
7. The method of claim 1, further comprising:
after the authentication of the non-primary authentication request fails, receiving a complaint request of the user initiating the non-primary authentication request, wherein the complaint request comprises the first account and the password to be authenticated;
displaying a complaint page to a user who initiates the complaint request, and authenticating the complaint request;
if the authentication is successful, displaying information when the authentication is successful for the first time in the preset safety period to a user who initiates the complaint request;
receiving an operation request of a user who initiates the complaint request;
if the operation request is a reset token, modifying the additional access password, sending the modified additional access password to the user registering the first account in a short message or mailbox mode, and adding additional processing; receiving a modification request of the user registering the first account, wherein the modification request comprises the first account and a new password of the first account; allowing the user registering the first account to log in a business system corresponding to the first account, and storing the first account and a new password of the first account;
if the operation request is a retrieval token, sending the additional access password to the user registering the first account in a short message or mailbox mode; receiving an authentication request of the user registering the first account, wherein the authentication request comprises the first account to be authenticated and a password; and allowing the user who successfully authenticates and registers the first account to log in a service system corresponding to the first account.
8. The method according to claim 7, wherein the information of the first authentication success in the preset security period comprises:
the IP of the user initiating the first authentication request, the time when the first authentication is successful and the browser type used when the user initiating the first authentication request is successfully authenticated.
9. The method of claim 7, wherein the additional processing comprises:
setting a high-risk label for the first account;
displaying a request for forcibly modifying a password to the user who registers the first account;
freezing the first account number.
10. An account login apparatus, comprising:
the system comprises a receiving module, a sending module and a processing module, wherein the receiving module is configured to receive a first authentication request for a first account in a preset security period, and the first authentication request comprises the first account to be authenticated and a password;
an authentication module configured to authenticate the first authentication request;
the processing module is configured to display an additional access password to a user initiating the first authentication request when the first authentication request is successfully authenticated, and allow the user initiating the first authentication request to log in a service system corresponding to a first account;
the receiving module is further configured to receive a non-primary authentication request for the first account within the security period;
the processing module is further configured to prompt a user initiating the non-primary authentication request to provide an authentication item after receiving the non-primary authentication request for the first account in the security cycle, wherein the authentication item at least comprises an additional access password;
the authentication module is further configured to authenticate the non-first-time authentication request according to the additional access password provided by the user initiating the non-first-time authentication request;
the processing module is further configured to allow the user initiating the non-primary authentication request to log in a service system corresponding to the first account when the non-primary authentication request is successful.
11. The apparatus of claim 10, wherein the additional access password comprises:
random numbers, random patterns, or random speech.
12. The apparatus of claim 10, wherein the processing module further comprises:
and the setting unit is configured to set a label which is logged in for the first time within a preset security period for the first account after allowing the user initiating the first authentication request to log in a service system corresponding to the first account.
13. The apparatus of claim 10, wherein the authentication item further comprises:
and adding the additional access password and the random number displayed by the current authentication page for the user initiating the non-primary authentication request to obtain a numerical value.
14. The apparatus of claim 10, wherein the processing module further comprises:
and the first processing unit is configured to not display the additional access password after the authentication of the first authentication request fails, and refuse the user initiating the first authentication request to log in the service system corresponding to the first account.
15. The apparatus of claim 10, wherein the processing module further comprises:
and the second processing unit is configured to refuse the user initiating the non-primary authentication request to log in a service system corresponding to the first account after the authentication of the non-primary authentication request fails.
16. The apparatus of claim 10, wherein the processing module further comprises:
a third processing unit, configured to receive, after the authentication of the non-primary authentication request fails, a complaint request of the user initiating the non-primary authentication request, where the complaint request includes the first account and a password to be authenticated;
displaying a complaint page to a user who initiates the complaint request, and authenticating the complaint request;
when the complaint request is successfully authenticated, displaying information of the first authentication success in the preset safety period to a user who initiates the complaint request;
receiving an operation request of a user who initiates the complaint request;
if the operation request is a reset token, modifying the additional access password, sending the modified additional access password to the user registering the first account in a short message or mailbox mode, and adding additional processing; receiving a modification request of the user registering the first account, wherein the modification request comprises the first account and a new password of the first account; allowing the user registering the first account to log in a business system corresponding to the first account, and storing the first account and a new password of the first account;
if the operation request is a retrieval token, sending the additional access password to the user registering the first account in a short message or mailbox mode; receiving an authentication request of the user registering the first account, wherein the authentication request comprises the first account to be authenticated and a password; and allowing the user who successfully authenticates and registers the first account to log in a service system corresponding to the first account.
17. The apparatus according to claim 16, wherein the information of the first authentication success in the preset security period comprises:
the IP of the user initiating the first authentication request, the time when the first authentication is successful and the browser type used when the user initiating the first authentication request is successfully authenticated.
18. The apparatus of claim 16, wherein the additional processing comprises:
setting a high-risk label for the first account;
displaying a request for forcibly modifying a password to the user who registers the first account;
freezing the first account number.
19. A computing device comprising a memory, a processor and computer instructions stored on the memory and executable on the processor, wherein the processor when executing the instructions implements the steps of the method of any one of claims 1 to 9.
20. A computer-readable storage medium, characterized in that it stores computer instructions which, when executed by a processor, implement the steps of the method of any one of claims 1 to 9.
CN201811435218.4A 2018-11-28 2018-11-28 Account login method and device, computing equipment and storage medium Active CN109450917B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811435218.4A CN109450917B (en) 2018-11-28 2018-11-28 Account login method and device, computing equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811435218.4A CN109450917B (en) 2018-11-28 2018-11-28 Account login method and device, computing equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109450917A CN109450917A (en) 2019-03-08
CN109450917B true CN109450917B (en) 2021-11-26

Family

ID=65555647

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811435218.4A Active CN109450917B (en) 2018-11-28 2018-11-28 Account login method and device, computing equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109450917B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102164141A (en) * 2011-04-24 2011-08-24 陈珂 Method for protecting security of account
CN105530224A (en) * 2014-09-30 2016-04-27 中国电信股份有限公司 Method and device for terminal authentication
CN107196972A (en) * 2017-07-19 2017-09-22 中国银行股份有限公司 A kind of authentication method and system, terminal and server
US9832642B2 (en) * 2008-04-25 2017-11-28 Microsoft Technology Licensing, Llc Simplified login for mobile devices
CN107770053A (en) * 2017-10-30 2018-03-06 商客通尚景科技江苏有限公司 Instant messages reminding method under a kind of off-line state
CN107864475A (en) * 2017-12-20 2018-03-30 中电福富信息科技有限公司 The quick authentication methods of WiFi based on Portal+ dynamic passwords

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9832642B2 (en) * 2008-04-25 2017-11-28 Microsoft Technology Licensing, Llc Simplified login for mobile devices
CN102164141A (en) * 2011-04-24 2011-08-24 陈珂 Method for protecting security of account
CN105530224A (en) * 2014-09-30 2016-04-27 中国电信股份有限公司 Method and device for terminal authentication
CN107196972A (en) * 2017-07-19 2017-09-22 中国银行股份有限公司 A kind of authentication method and system, terminal and server
CN107770053A (en) * 2017-10-30 2018-03-06 商客通尚景科技江苏有限公司 Instant messages reminding method under a kind of off-line state
CN107864475A (en) * 2017-12-20 2018-03-30 中电福富信息科技有限公司 The quick authentication methods of WiFi based on Portal+ dynamic passwords

Also Published As

Publication number Publication date
CN109450917A (en) 2019-03-08

Similar Documents

Publication Publication Date Title
US10091195B2 (en) System and method for bootstrapping a user binding
EP3706022A2 (en) Permissions policy manager to configure permissions on computing devices
CN106797371B (en) Method and system for user authentication
Lee et al. An empirical study of wireless carrier authentication for {SIM} swaps
CN104092542B (en) A kind of account login method, Apparatus and system
US11277421B2 (en) Systems and methods for detecting and thwarting attacks on an IT environment
US11165793B2 (en) Method and system for detecting credential stealing attacks
US8984649B2 (en) Method and system for authenticating user access to a restricted resource across a computer network
US8990906B2 (en) Methods and systems for replacing shared secrets over networks
US11425571B2 (en) Device configuration method, apparatus and system
US11563740B2 (en) Methods and systems for blocking malware attacks
CN109784031B (en) Account identity verification processing method and device
Vapen et al. 2-clickauth optical challenge-response authentication
US20160373442A1 (en) User identity based on location patterns of non-associated devices
CN104767713A (en) Account binding method, server and account binding system
US20230091318A1 (en) System and method for pre-registration of fido authenticators
Stanislav Two-factor authentication
JP2015099470A (en) System, method, and server for authentication, and program
US20200374287A1 (en) Mutual identity verification
Kataria et al. Quantifying smartphone vulnerabilities
CN109450917B (en) Account login method and device, computing equipment and storage medium
CN112422570B (en) Game login method and device
CN107547569A (en) A kind of log-on message management method and device
Dudheria Assessing vulnerability of mobile messaging apps to man-in-the-middle (MitM) attack
CN113645054A (en) Wireless network equipment configuration method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 519000 Room 102, 202, 302 and 402, No. 325, Qiandao Ring Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province, Room 102 and 202, No. 327 and Room 302, No. 329

Patentee after: Zhuhai Jinshan Digital Network Technology Co.,Ltd.

Patentee after: CHENGDU XISHANJU SHIYOU TECHNOLOGY Co.,Ltd.

Address before: 519000 Room 102, 202, 302 and 402, No. 325, Qiandao Ring Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province, Room 102 and 202, No. 327 and Room 302, No. 329

Patentee before: ZHUHAI KINGSOFT ONLINE GAME TECHNOLOGY Co.,Ltd.

Patentee before: CHENGDU XISHANJU SHIYOU TECHNOLOGY Co.,Ltd.

CP01 Change in the name or title of a patent holder